[3495] in Kerberos-V5-bugs
Re: [krbdev.mit.edu #1199] Local host login results in host ticket that expires in 5 minutes
daemon@ATHENA.MIT.EDU (Ken Raeburn via RT)
Mon Sep 30 13:58:38 2002
Mail-Followup-To: rt@krbdev.mit.edu
Message-Id: <rt-1199-3097.4.51486795190206@krbdev.mit.edu>
In-Reply-To: <rt-1199@krbdev.mit.edu>
From: "Ken Raeburn via RT" <rt-comment@krbdev.mit.edu>
Reply-To: rt-comment@krbdev.mit.edu
Mail-Copies-To: never
To: kenh@cmf.nrl.navy.mil
Cc: krb5-prs@mit.edu
Errors-To: krb5-bugs-admin@mit.edu
Date: Mon, 30 Sep 2002 13:56:56 -0400 (EDT)
"Sam Hartman via RT" <rt-comment@krbdev.mit.edu> writes:
> I'd recommend getting a full lifetime ticket and also causing the
> ccache routines not to return expired tickets when being called by
> something like mk_req.
Not quite that simple -- under what circumstances should we still
return "ticket expired" instead of "no ticket"? Presumably for the
TGT, but that's information the ccache layer shouldn't be dealing
with. Probably the next layer up should be checking for expired
tickets.
But yes, it makes no sense to have the acquired host ticket have a
shorter lifetime than the TGT.
Ken
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs
