[36878] in Kerberos
Re: Ticket expires 120 seconds early?
daemon@ATHENA.MIT.EDU (Stephen Carville)
Thu Apr 2 17:49:27 2015
Message-ID: <551D5141.1040904@lereta.com>
Date: Thu, 02 Apr 2015 07:25:05 -0700
From: Stephen Carville <scarville@lereta.com>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <1820822250.74268491427981011700.JavaMail.root@ip-10-157-87-173.ec2.internal>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
My first suspicion is that the clocks on the machines are out of sync.
On 04/02/2015 06:16 AM, Robbert Eggermont [Masked] wrote:
> Hi,
>
> For some time (years) I've been using tickets with a 1 minute lifetime
> (in cron jobs). Lately, this is giving me problems:
>
> $ kinit -l 1m -k -t <keytab> <principal> && kvno 'host/<host>'
> kvno: Ticket expired while getting credentials for host/<host>@<domain>
>
> With RHEL7 (krb5-1.12.2), the problems seem to be much worse, so I did a
> little experimentation which seems to indicate some kind of limit at 120s:
>
> $ kinit -l 120s -k -t <keytab> <principal> && kvno 'host/<host>'
> kvno: Ticket expired while getting credentials for host/<host>@<domain>
> $ kinit -l 121s -k -t <keytab> <principal> && kvno 'host/<host>'
> host/<host>@<domain>: kvno = 3
>
> The first fails 90% of the time, the second succeeds 90% of the time.
>
> What am I seeing here, and is it supposed to be like this?
>
> Thanks,
>
> Robbert
>
--
Stephen Carville
1123 Park View Drive | Covina, CA 91724
626-339-5221 X1326
scarville@lerNOSPAMeta.com
=================================================
laeti vescimur nos subacturis
=================================================
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
