Ticket lifetimes > 10 hrs?

Ben Cox cox-work at djehuti.com
Fri Nov 15 11:52:04 EST 2002


On Fri, 2002-11-15 at 11:10, Ken Hornstein wrote:
> There are two problems:
> 
> - The MIT client side library wont get you a new service ticket if you
>   have one already cached, even if it's expired.

Is this just a matter of someone leaving out a KRB5_TC_MATCH_TIMES flag
somewhere?

> - Even if you DID get a new ticket, it would have already expired (you would
>   be limited by TGT start time plus service expiration time).

This part I'm not sure is true; see my other note on the topic.

-- Ben





More information about the Kerberos mailing list