Renewable ticket ?

Nicolas Williams nmw at ubsw.com
Wed May 8 09:32:24 EDT 2002


I have added an option, -E, to klist here which causes klist to print
the number of seconds left to TGT expiry and the number of seconds left
to TGT renewal limit - as with -s, exit status is set to 0 if there's a
valid TGT for the given ccache's default principal, 1 otherwise.

With this one can write a script to check all ccaches, renew the
renewable ones which would expire soon, warn users about ccaches that
can't be renewed and then wait a reasonable amount of time before
starting again. And if a ccache's user is no longer logged in then you
can even let the tickets therein lapse.

I can post the klist diff if you wish. The rest is upto you.

Nico

On Wed, May 08, 2002 at 12:35:54PM +0200, Marc wrote:
> Nils Olav Selåsdal wrote:
> 
> > 
> >>-----Original Message-----
> >>From: kerberos-admin at mit.edu [mailto:kerberos-admin at mit.edu] 
> >>On Behalf Of Marc
> >>Sent: Wednesday, May 08, 2002 10:03 AM
> >>To: kerberos at mit.edu
> >>Subject: Renewable ticket ?
> >>
> >>
> >>Hello,
> >>
> >>Is it somehow possible to make a ticket auto renewable ? What 
> >>I mean is 
> >>when I log in I get my ticket and then when the ticket 
> >>expires I don't 
> >>need to manually do a kinit to get a new ticket.
> >>
> >>I had a look in Kerberos V5 System administrator's guide but found 
> >>nothing, no renewable option or something like that which I 
> >>could use in 
> >>krb5.conf.
> >>
> >>Any ideas ?
> >>
> > Make a cron or at job that does it for you.
> > 
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > http://mailman.mit.edu/mailman/listinfo/kerberos
> > 
> > 
> 
> Well that is fine in a single user workstation case but how do you cope 
> with a multi-user system ??
> 
> Regards
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos

Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.




More information about the Kerberos mailing list