Fwd: Kerberos5 ticket auto renewal
Will Fiveash
will.fiveash at oracle.com
Wed Mar 19 19:02:23 EDT 2014
On Tue, Mar 18, 2014 at 10:55:16AM -0700, Russ Allbery wrote:
> Wendy Lin <wendlin1974 at gmail.com> writes:
> > On 18 March 2014 15:09, Tomas Kuthan <tomas.kuthan at oracle.com> wrote:
>
> >> I don't think there is one.
>
> > How can ktkt_warn renew tickets without having a password?
>
> Presumably it uses renewable tickets. Renewable Kerberos tickets can be
> renewed up to the renewable lifetime, which is often configured to be
> longer than the regular ticket lifetime.
Yes, think of ktkt_warnd as a daemon that periodically does "kinit -R"
to keep a user's initial TGT cred alive if possible.
--
Will Fiveash
Oracle Solaris Software Engineer
More information about the Kerberos
mailing list