longer ticket life vs auto renew
Will Fiveash
will.fiveash at oracle.com
Wed Aug 15 14:45:11 EDT 2012
On Thu, Aug 09, 2012 at 08:42:14AM -0500, Matt Garman wrote:
> We have a situation where users stay logged on for literally days or
> even weeks at a time for very long-running simulation jobs. So the
> default max ticket life of one day isn't really appropriate for us.
>
> It seems that there are two solutions to this dilemma: (1) a much
> longer max ticket life or (2) some kind of auto-renewal scheme.
>
> Perhaps I didn't look hard enough, but I haven't been able to find a
> discussion on why one might choose one option over the other. I was
> hoping some of the list members might weigh in with their thoughts.
As an aside, Solaris provides a krb warning daemon, ktkt_warnd, that
both warns users when their TGT cred is about to expire and cannot be
renewed and auto-renews it depending on the configuration.
--
Will Fiveash
Oracle Solaris Software Engineer
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet, text based e-mail app <http://www.mutt.org/>
More information about the Kerberos
mailing list