Thoughts on long-lived credentials
Douglas E. Engert
deengert at anl.gov
Thu Jan 19 12:10:02 EST 2006
Luke Howard wrote:
> Another issue is what to do when a TGT is no longer renewable. At first, we
> thought one might wish to store one's long-term Kerberos key at logon, so it
> would be possible to reacquire a TGT after the renewable lifetime was up. (*)
>
If using PKINIT or if the ticket cache was from a forwarded ticket, there
is no long term key available on the machine to store, so please don't even
consider this as an option.
> --
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list