[16497] in Kerberos_V5_Development

Re: preserve original starttime on renewed TGTs

daemon@ATHENA.MIT.EDU (Nicolas Williams)
Fri Nov 19 17:02:49 2010

Date: Fri, 19 Nov 2010 16:01:41 -0600
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: Simo Sorce <ssorce@redhat.com>
Message-ID: <20101119220140.GR20162@oracle.com>
In-Reply-To: <20101119164342.49d56360@willson.li.ssimo.org>
Cc: krbdev@mit.edu

On Fri, Nov 19, 2010 at 04:43:42PM -0500, Simo Sorce wrote:
> On Fri, 19 Nov 2010 13:21:34 -0800
> Frank Cusack <frank+krb@linetwo.net> wrote:
> 
> > When running 'kinit -R', the KDC resets the starttime on the returned
> > TGT to "now".  I'd like to modify my KDC to preserve the original
> > starttime instead.  That could make a renewed TGT appear to have
> > longer than the normal maximum configured lifetime, but it seems like
> > a fairly trivial non-problem.  As opposed to a postdated ticket, this
> > would now be a predated ticket.
> 
> Hi Frank,
> I am curious to understand why you want to do that.
> What class of use cases does it solve? 

My guess: it helps deal with servers whose clocks are a little bit
behind (but still within skew).

Nico