[36892] in Kerberos

home help back first fref pref prev next nref lref last post

RE: gss_init_sec_context with delegated_cred_handle error

daemon@ATHENA.MIT.EDU (Xie, Hugh)
Tue Apr 7 13:25:16 2015

Date: Tue, 07 Apr 2015 17:24:42 +0000
From: "Xie, Hugh" <hugh.xie@bankofamerica.com>
In-reply-to: <5523FE0F.6040504@mit.edu>
To: "<kerberos@mit.edu>" <Kerberos@mit.edu>
Message-id: <7E270C3427928E499F189C5636C52CDC45DB8777@smtp_mail.bankofamerica.com>
MIME-version: 1.0
Content-language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Thanks. Will upgrade to 1.11

-----Original Message-----
From: Greg Hudson [mailto:ghudson@mit.edu] 
Sent: Tuesday, April 07, 2015 11:56 AM
To: Xie, Hugh
Subject: Re: gss_init_sec_context with delegated_cred_handle error

On 04/07/2015 08:32 AM, Xie, Hugh wrote:
> Will gss_acquire_cred automatically refresh the cache if credential in KRB5CCNAME file expired? If not, is that a way to force refresh without removing the file?
> 
> I am using KRB5 v1.10.

If the creds were obtained automatically using the keytab, they will be refreshed from the keytab once they are halfway to expiring.

However, keytab initiation was first implemented in 1.11, so it won't work if you're using 1.10.

----------------------------------------------------------------------
This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer.   If you are not the intended recipient, please delete this message.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post