[39307] in Kerberos
Re: renew ticket failed
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Nov 9 18:54:11 2023
Message-ID: <31501151-b503-4b1e-a6f3-345c44f0d7c3@mit.edu>
Date: Thu, 9 Nov 2023 18:52:33 -0500
MIME-Version: 1.0
Content-Language: en-US
To: Dong Ye <yedong.ye@gmail.com>, <kerberos@mit.edu>
From: "Greg Hudson" <ghudson@mit.edu>
In-Reply-To: <CADX758cSLcoBWFGzjbbbGqBopv8z0hsJgo+2XXegQP4CZxuhSQ@mail.gmail.com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: kerberos-bounces@mit.edu
On 11/8/23 16:13, Dong Ye wrote:
> we encountered an issue where we can't renew the ticket before the
> ticket expires. Seems the ticket is renewable but its renew_till time is
> before its end_time. How is it possible?
It's possible if the ticket was requested that way ("kinit -l 2h -r 1h"
for instance). For a period of time (1.12 through 1.15) the MIT krb5
KDC issued non-renewable tickets for such requests, but that was found
to be disruptive to scripts, so it once again issues renewable tickets
whose end times can't be extended.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
