Ticket lifetimes > 10 hrs?

Ken Hornstein kenh at cmf.nrl.navy.mil
Fri Nov 15 11:10:30 EST 2002


>> and you
>> CANNOT get a new ticket for that service without acquiring a new TGT.
>>
>
>- Um, that seems very broken. Is the problem just that the mk_req
>routines are not checking the expiration time of the existing
>service ticket?

There are two problems:

- The MIT client side library wont get you a new service ticket if you
  have one already cached, even if it's expired.
- Even if you DID get a new ticket, it would have already expired (you would
  be limited by TGT start time plus service expiration time).

--Ken



More information about the Kerberos mailing list