Question about krb5_get_renewed_creds
Markus Moeller
huaraz at moeller.plus.com
Sun Sep 9 15:05:49 EDT 2007
My application tries to renew credentials with krb5_get_renewed_cred about
every 5 minutes for the default principal. Will a following
gss_init_sec_context request a new service principal or do I need to call
krb5_get_renewed_cred also for the service principal ?
I see the following when renewing and storing the credentials on Windows and
gss_init_sec_context fails with ticket expired as it doesn't seem to
attempt to renew the service principal with the maximal krbtgt (here
19:39:57) expiry time but uses the initial expiry time of 19:29:47.
>"c:\Program Files\MIT\Kerberos\bin\klist.exe" -c FILE:d:\thread_test_4148
Ticket cache: FILE:d:\thread_test_4148
Default principal: markus at WINDOWS2003.HOME
Valid starting Expires Service principal
09/09/07 19:17:47 09/09/07 19:29:47
krbtgt/WINDOWS2003.HOME at WINDOWS2003.HOME
renew until 09/09/07 20:20:47
09/09/07 19:18:07 09/09/07 19:29:47 krbtgt/SUSE.HOME at WINDOWS2003.HOME
renew until 09/09/07 20:20:47
09/09/07 19:18:22 09/09/07 19:29:47 HTTP/opensuse.suse.home at SUSE.HOME
renew until 09/09/07 20:20:47
09/09/07 19:22:56 09/09/07 19:34:56
krbtgt/WINDOWS2003.HOME at WINDOWS2003.HOME
renew until 09/09/07 20:20:47
09/09/07 19:27:57 09/09/07 19:39:57
krbtgt/WINDOWS2003.HOME at WINDOWS2003.HOME
renew until 09/09/07 20:20:47
09/09/07 19:32:44 09/09/07 19:29:47 HTTP/opensuse.suse.home at SUSE.HOME
renew until 09/09/07 20:20:47
09/09/07 19:27:57 09/09/07 19:39:57
krbtgt/WINDOWS2003.HOME at WINDOWS2003.HOME
renew until 09/09/07 20:20:47
Thank you
Markus
More information about the Kerberos
mailing list