[36661] in Kerberos


how to properly renew a renewal TGT

daemon@ATHENA.MIT.EDU (Dave Botsch)
Mon Dec 8 10:25:25 2014

Date: Mon, 8 Dec 2014 10:24:47 -0500
From: Dave Botsch <botsch@cnf.cornell.edu>
To: kerberos@mit.edu
Message-ID: <20141208152447.GN28239@cnf.cornell.edu>

So, from reading the RFC and looking at what Kerberos clients do, it
seems there are potentially several different ways to renew a renewable
TGT.

I'm looking, in this case, at what an MS Windows client does with an MIT
Kerberos KDC, when I *don't* get another renewable TGT on the renewal.

So, at renew time, MS Windows is sending back to the MIT KDC the
original renewable TGT. In the Request Body section, the client requests
a TGT with the following set:

a till of 2037-09-13
the Renew option set in the flags

and that's it.

The MIT KDC sends back a new TGT that is not renewable and with the
renew till time the same as the end time.

I suspect that in this case, the MS Client should also be setting the
Renewable OK flag, since it's basically requesting a long term ticket?

Or, it should be requesting specific end and renew till times with the
RENEW and Renewable flags set?

Thanks.



-- 
********************************
David William Botsch
Programmer/Analyst
@CNFComputing
botsch@cnf.cornell.edu
********************************
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
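
An added example, not part of the original post and not MIT Kerberos code: a Python decoder for the kdc-options field of a captured TGS-REQ body, reporting which of the renew, renewable and renewable-ok flags discussed above are set. The bit numbers are those of RFC 4120 section 5.4.1; the option values and the time of day in the till are constructed samples, and the function names are hypothetical.

```python
from datetime import datetime, timezone

# KDCOptions bit numbers from RFC 4120 section 5.4.1. Bit 0 is the MOST
# significant bit of the 32-bit field, so bit n has mask 1 << (31 - n).
KDC_OPTION_BITS = {
    1: "forwardable", 2: "forwarded", 3: "proxiable", 4: "proxy",
    5: "allow-postdate", 6: "postdated", 8: "renewable",
    11: "opt-hardware-auth", 26: "disable-transited-check",
    27: "renewable-ok", 28: "enc-tkt-in-skey", 30: "renew", 31: "validate",
}

def decode_kdc_options(value):
    """Return the names of the options set in a 32-bit kdc-options value."""
    names = []
    for bit in range(32):
        if value & (1 << (31 - bit)):
            # Bits not defined in RFC 4120 are reported by number only.
            names.append(KDC_OPTION_BITS.get(bit, "bit-%d" % bit))
    return names

def parse_kerberos_time(text):
    """Parse a KerberosTime string (YYYYMMDDHHMMSSZ, always UTC)."""
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def summarize_renewal_request(kdc_options, till, rtime=None):
    """Summarize the renewal-related fields of a TGS-REQ body."""
    opts = decode_kdc_options(kdc_options)
    return {
        "options": opts,
        "renew": "renew" in opts,
        "asks_renewable": "renewable" in opts,
        "accepts_renewable": "renewable-ok" in opts,
        "till": parse_kerberos_time(till).date().isoformat(),
        "rtime": parse_kerberos_time(rtime).date().isoformat() if rtime else None,
    }

# Constructed sample values, not taken from a capture on the page.
RENEW_ONLY = 0x00000002            # only renew (bit 30), as the post describes
RENEW_WITH_RENEWABLE = 0x00800002  # renew (30) plus renewable (8)
SAMPLE_TILL = "20370913024805Z"    # a till on 2037-09-13; time of day is made up

if __name__ == "__main__":
    for value in (RENEW_ONLY, RENEW_WITH_RENEWABLE):
        print(hex(value), summarize_renewal_request(value, SAMPLE_TILL))
```
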
