Ticket renewal not working
Tiago Elvas
tiagoelvas at gmail.com
Wed Jul 18 12:20:21 EDT 2012
Well it worked!
I raised the max_renewable_lifetime to 10min (not a specific value, just a
randomly chosen among the numbers greater that 5 :) ) and it works!
The thing now is, after this max renewal date is expired, I will not be
able to renew it anymore, won't I? I always have to set a limit on this max
renew, right?
Thanks!
On Wed, Jul 18, 2012 at 6:09 PM, Oliver Loch <o.loch at gmx.net> wrote:
> shot in the dark:
>
> set the max_renewable_lifetime > ticket_lifetime.
>
> Else the ticket becomes invalid and can't be renewed after 5 minutes...
>
> KR,
>
> Oliver
>
> Am 18.07.2012 um 18:06 schrieb Tiago Elvas:
>
> > Hi there,
> >
> > I am experience problems at the time of ticket renewal.
> > For this test I am using 5minute tickets (for quick testing) and so:
> >
> > # /var/kerberos/krb5kdc/kdc.conf
> > max_life = 5m 0s
> > max_renewable_life = 5m 0s
> > # /etc/krb5.conf
> > ticket_lifetime = 5m
> > renew_lifetime = 5m
> >
> > The principal in use is named "opends".
> >
> > I log in and this is my ticket:
> >
> > [opends ~]$ klist -f
> >> Ticket cache: FILE:/tmp/krb5cc_505
> >> Default principal: opends at DOMAIN.COM
> >> Valid starting Expires Service principal
> >> 07/18/12 18:01:33 07/18/12 18:06:33 krbtgt/DOMAIN.COM at DOMAIN.COM
> >> renew until 07/18/12 18:06:33, Flags: FPRIA
> >>
> >> Kerberos 4 ticket cache: /tmp/tkt505
> >> klist: You have no tickets cached
> >
> >
> > I then do "kinit -R",
> >
> > [opends ~]$ kinit -R
> >> [opends ~]$ echo $?
> >> 0
> >> [opends ~]$
> >> [opends@ ~]$ klist -f
> >> Ticket cache: FILE:/tmp/krb5cc_505
> >> Default principal: opends at DOMAIN.COM
> >
> > Valid starting Expires Service principal
> >> 07/18/12 18:02:25 07/18/12 18:06:33 krbtgt/DOMAIN.COM at DOMAIN.COM
> >
> > renew until 07/18/12 18:06:33, Flags: FPRIAT
> >>
> >> Kerberos 4 ticket cache: /tmp/tkt505
> >> klist: You have no tickets cached
> >
> >
> >
> > Does anybody know why this is happening?
> > The system is intended to be used along several and "random" days and I
> > should not get a ticket expired error so it should be automatic (like in
> a
> > cronjob doing this kinit -R)
> >
> > Thanks in advance.
> >
> > Best regards,
> > Tiago
> > ________________________________________________
> > Kerberos mailing list Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
More information about the Kerberos
mailing list