longer ticket life vs auto renew

Mark Pröhl mark at mproehl.net
Mon Aug 13 08:05:02 EDT 2012


On 09.08.2012 15:42, Matt Garman wrote:
> We have a situation where users stay logged on for literally days or
> even weeks at a time for very long-running simulation jobs.  So the
> default max ticket life of one day isn't really appropriate for us.
>
> It seems that there are two solutions to this dilemma: (1) a much
> longer max ticket life or (2) some kind of auto-renewal scheme.
>
> Perhaps I didn't look hard enough, but I haven't been able to find a
> discussion on why one might choose one option over the other.  I was
> hoping some of the list members might weigh in with their thoughts.
>
> Thanks!
> Matt
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

If a ticket has been issued to the client, the KDC cannot revoke that 
ticket, even if the client is deleted or disabled. But if the client 
needs to do a renew request from time to time, the KDC might not issue 
new tickets if the client is deleted or disabled.

-- 
Mark Pröhl
mark at mproehl.net
www.kerberos-buch.de
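
Added example, not part of the original message or of any Kerberos implementation: a toy Python model of the trade-off described in the reply, comparing how long a client keeps a usable ticket after its principal is disabled under a long-lived ticket versus a short ticket that is renewed. The function names, the 12-hour renewal interval and all numbers are constructed assumptions, and the model assumes the KDC refuses every renewal once the principal is disabled.

```python
"""Toy model: hours of access left after a principal is disabled.

Times are hours since the initial ticket was issued (hour 0).
Simplification: only the TGT is modelled, and the KDC is assumed to
refuse renewal as soon as the principal is disabled or deleted.
"""


def ticket_expiry(life, disabled_at, renew_till=None, renew_every=None):
    """Return the hour at which the client's last valid ticket expires.

    life:        lifetime of each issued ticket
    disabled_at: hour at which the admin disables the principal
    renew_till:  absolute renewable limit (None = non-renewable ticket)
    renew_every: how often the client sends a renew request
    """
    end = life  # initial ticket, issued at hour 0
    if renew_till is None:
        return end  # the KDC is never asked again, so it cannot refuse
    now = renew_every
    while now < end and now < renew_till:
        if now >= disabled_at:
            break  # renew request refused: principal is disabled
        end = min(now + life, renew_till)  # renewed ticket, capped
        now += renew_every
    return end


def exposure(life, disabled_at, **renewal):
    """Hours the client can still use a ticket after being disabled."""
    return max(0, ticket_expiry(life, disabled_at, **renewal) - disabled_at)


if __name__ == "__main__":
    # Constructed scenario: 14-day job (336 h), account disabled at hour 30.
    long_life = exposure(336, 30)
    renewed = exposure(24, 30, renew_till=336, renew_every=12)
    print(f"14-day ticket:            {long_life} h of access after disable")
    print(f"1-day ticket, renewable:  {renewed} h of access after disable")
```

In this model the exposure with renewal is bounded by the per-ticket lifetime, while the long-lived ticket stays usable until its original end time.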

