Question about krb5_get_renewed_creds

Markus Moeller huaraz at moeller.plus.com
Sun Sep 9 15:05:49 EDT 2007


My application tries to renew credentials with  krb5_get_renewed_cred about 
every 5 minutes for the default principal. Will a following 
gss_init_sec_context request a new service principal or do I need to call 
krb5_get_renewed_cred also for the service principal ?
I see the following when renewing and storing the credentials on Windows and 
gss_init_sec_context  fails with ticket expired as it doesn't seem to 
attempt to renew the service principal with the maximal krbtgt (here 
19:39:57) expiry time but uses the initial expiry time of 19:29:47.

>"c:\Program Files\MIT\Kerberos\bin\klist.exe" -c FILE:d:\thread_test_4148
Ticket cache: FILE:d:\thread_test_4148
Default principal: markus at WINDOWS2003.HOME


Valid starting     Expires            Service principal
09/09/07 19:17:47  09/09/07 19:29:47 
krbtgt/WINDOWS2003.HOME at WINDOWS2003.HOME
        renew until 09/09/07 20:20:47
09/09/07 19:18:07  09/09/07 19:29:47  krbtgt/SUSE.HOME at WINDOWS2003.HOME
        renew until 09/09/07 20:20:47
09/09/07 19:18:22  09/09/07 19:29:47  HTTP/opensuse.suse.home at SUSE.HOME
        renew until 09/09/07 20:20:47
09/09/07 19:22:56  09/09/07 19:34:56 
krbtgt/WINDOWS2003.HOME at WINDOWS2003.HOME
        renew until 09/09/07 20:20:47
09/09/07 19:27:57  09/09/07 19:39:57 
krbtgt/WINDOWS2003.HOME at WINDOWS2003.HOME
        renew until 09/09/07 20:20:47
09/09/07 19:32:44  09/09/07 19:29:47  HTTP/opensuse.suse.home at SUSE.HOME
        renew until 09/09/07 20:20:47
09/09/07 19:27:57  09/09/07 19:39:57 
krbtgt/WINDOWS2003.HOME at WINDOWS2003.HOME
        renew until 09/09/07 20:20:47


Thank you
Markus 






More information about the Kerberos mailing list