[35888] in Kerberos
Re: Fwd: Kerberos5 ticket auto renewal
daemon@ATHENA.MIT.EDU (Will Fiveash)
Wed Mar 19 19:02:51 2014
Date: Wed, 19 Mar 2014 18:02:23 -0500
From: Will Fiveash <will.fiveash@oracle.com>
To: Russ Allbery <eagle@eyrie.org>
Message-ID: <20140319230223.GA9598@oracle.com>
Mail-Followup-To: Russ Allbery <eagle@eyrie.org>,
Wendy Lin <wendlin1974@gmail.com>, kerberos@mit.edu
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <87d2hjs86z.fsf@windlord.stanford.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Tue, Mar 18, 2014 at 10:55:16AM -0700, Russ Allbery wrote:
> Wendy Lin <wendlin1974@gmail.com> writes:
> > On 18 March 2014 15:09, Tomas Kuthan <tomas.kuthan@oracle.com> wrote:
>
> >> I don't think there is one.
>
> > How can ktkt_warn renew tickets without having a password?
>
> Presumably it uses renewable tickets. Renewable Kerberos tickets can be
> renewed up to the renewable lifetime, which is often configured to be
> longer than the regular ticket lifetime.
Yes, think of ktkt_warnd as a daemon that periodically does "kinit -R"
to keep a user's initial TGT cred alive if possible.
--
Will Fiveash
Oracle Solaris Software Engineer
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
