Long-running jobs with renewal of krb5 tickets and AFS tokens

Nicolas Williams Nicolas.Williams at sun.com
Mon Mar 2 13:54:58 EST 2009

On Sat, Feb 28, 2009 at 11:40:26PM -0500, Jason Edgecombe wrote:
> I guess setting things for renewable tickets longer than 7 days or 
> running the jobs in local disk will be easiest.
> We have a 7 day normal/renewable lifetime. What length do other sites have?

I have seen sites use on the order of months for the renewable ticket
lifetime, but still hours for normal ticket lifetime.  If you already
use seven days for renew life you might as well double it -- whatever
your threat model is, if you can accept seven days then chances are you
can accept fourteen.


More information about the Kerberos mailing list