Tickets Longer Than Wanted?
Tom Yu
tlyu at MIT.EDU
Fri Jan 4 17:32:43 EST 2008
>>>>> "John" == John Hascall <john at iastate.edu> writes:
John> Given the following code snippet:
krb5_creds rq;
time_t now = time(NULL);
memset(&rq, 0, sizeof(rq));
rq.times.starttime = now;
rq.times.endtime = now + 1024;
rq.client = iasc->sc_k5_me;
rq.server = server;
k5_err = krb5_get_in_tkt_with_keytab(iasc->sc_k5_context, 0,
NULL, NULL, NULL,
iasc-sc_k5_keytab,
NULL, &rq, NULL);
John> Why am I getting tickets with a 1 day (86400 second) lifetime?
John> (I was trying to test with a short lifetime to see if some
John> ticket-renewing code was working correctly and waiting a day
John> to do each test is hopeless).
The krb5_get_in_tkt functions are deprecated; please use
krb5_get_init_creds functions instead. Also, what release are you
running? Some of the code in krb5_get_in_tkt_with_keytab() has
changed over time, possibly fixing bugs affecting your problem. I
believe that there was a bug in krb5-1.3 affecting
krb5_get_in_tkt_with_keytab() in exactly this way.
If you are seeing this behavior with a recent release, we would
appreciate hearing more details.
Some alternatives may include setting the KDC ticket lifetime for one
particular principal that you are testing.
---Tom
More information about the Kerberos
mailing list