longer ticket life vs auto renew
steve
steve at steve-ss.com
Tue Aug 14 05:02:29 EDT 2012
On 13/08/12 14:05, Mark Pröhl wrote:
> Am 09.08.2012 15:42, schrieb Matt Garman:
>> We have a situation where users stay logged on for literally days or
>> even weeks at a time for very long-running simulation jobs. So the
>> default max ticket life of one day isn't really appropriate for us.
>>
>> It seems that there are two solutions to this dilemma: (1) a much
>> longer max ticket life or (2) some kind of auto-renewal scheme.
>>
>> Perhaps I didn't look hard enough, but I haven't been able to find a
>> discussion on why one might choose one option over the other. I was
>> hoping some of the list members might weigh in with their thoughts.
>>
>> Thanks!
>> Matt
>> ________________________________________________
>> Kerberos mailing list Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>
> if a ticket has been issued to the client, the KDC cannot revoke that
> ticket, even if the client is deleted or disabled. But if the client
> needs to do a renew request from time to time, the KDC might not issue
> new tickets if the client is deleted or disabled.
>
Hi
For long logons we use k5start. It renews tickets at given time intervals.
Cheers,
Steve
More information about the Kerberos
mailing list