[36896] in Kerberos
Re: Question about how to obtain renewable ticket?
daemon@ATHENA.MIT.EDU (Neng Xue)
Mon Apr 13 17:40:12 2015
Message-ID: <552C37AB.5030607@oracle.com>
Date: Mon, 13 Apr 2015 14:39:55 -0700
From: Neng Xue <neng.xue@oracle.com>
MIME-Version: 1.0
To: Greg Hudson <ghudson@mit.edu>
In-Reply-To: <552C3586.5050306@mit.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi Greg,
Thanks so much! I should have asked you sooner. It was because that the
krbtgt/NEXUE.COM did not have a max renewable lifetime :)
Best,
Neng
On 04/13/15 02:30 PM, Greg Hudson wrote:
> On 04/13/2015 05:13 PM, Neng Xue wrote:
>> However, when I used 'kinit -r 20m', the klist -f output was:
> The KDC won't issue a renewable ticket if you request a lifetime greater
> than the renewable lifetime. You could try "kinit -l 10m -r 20m", or
> "kinit -r 2d" or something.
>
> Also make sure that krbtgt/NEXUE.COM has a max renewable lifetime; the
> KDC checks both the client and server principal entries.
>
--
Neng Xue
Oracle Solaris Software Engineer
Santa Clara, CA, USA
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
