Ticket renewal not working
Oliver Loch
o.loch at gmx.net
Wed Jul 18 12:09:48 EDT 2012
shot in the dark:
set the max_renewable_lifetime > ticket_lifetime.
Else the ticket becomes invalid and can't be renewed after 5 minutes...
KR,
Oliver
Am 18.07.2012 um 18:06 schrieb Tiago Elvas:
> Hi there,
>
> I am experience problems at the time of ticket renewal.
> For this test I am using 5minute tickets (for quick testing) and so:
>
> # /var/kerberos/krb5kdc/kdc.conf
> max_life = 5m 0s
> max_renewable_life = 5m 0s
> # /etc/krb5.conf
> ticket_lifetime = 5m
> renew_lifetime = 5m
>
> The principal in use is named "opends".
>
> I log in and this is my ticket:
>
> [opends ~]$ klist -f
>> Ticket cache: FILE:/tmp/krb5cc_505
>> Default principal: opends at DOMAIN.COM
>> Valid starting Expires Service principal
>> 07/18/12 18:01:33 07/18/12 18:06:33 krbtgt/DOMAIN.COM at DOMAIN.COM
>> renew until 07/18/12 18:06:33, Flags: FPRIA
>>
>> Kerberos 4 ticket cache: /tmp/tkt505
>> klist: You have no tickets cached
>
>
> I then do "kinit -R",
>
> [opends ~]$ kinit -R
>> [opends ~]$ echo $?
>> 0
>> [opends ~]$
>> [opends@ ~]$ klist -f
>> Ticket cache: FILE:/tmp/krb5cc_505
>> Default principal: opends at DOMAIN.COM
>
> Valid starting Expires Service principal
>> 07/18/12 18:02:25 07/18/12 18:06:33 krbtgt/DOMAIN.COM at DOMAIN.COM
>
> renew until 07/18/12 18:06:33, Flags: FPRIAT
>>
>> Kerberos 4 ticket cache: /tmp/tkt505
>> klist: You have no tickets cached
>
>
>
> Does anybody know why this is happening?
> The system is intended to be used along several and "random" days and I
> should not get a ticket expired error so it should be automatic (like in a
> cronjob doing this kinit -R)
>
> Thanks in advance.
>
> Best regards,
> Tiago
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list