Ticket renewal not working

Oliver Loch o.loch at gmx.net
Wed Jul 18 12:24:48 EDT 2012 

The default value of max_renewable_lifetime is 0 which means unlimited (IIRC).

Kr,

Oliver
Am 18.07.2012 um 18:20 schrieb Tiago Elvas:

> Well it worked!
> 
> I raised the  max_renewable_lifetime to 10min (not a specific value, just a randomly chosen among the numbers greater that 5 :) ) and it works!
> 
> The thing now is, after this max renewal date is expired, I will not be able to renew it anymore, won't I? I always have to set a limit on this max renew, right?
> 
> Thanks!
> 
> On Wed, Jul 18, 2012 at 6:09 PM, Oliver Loch <o.loch at gmx.net> wrote:
> shot in the dark:
> 
> set the max_renewable_lifetime > ticket_lifetime.
> 
> Else the ticket becomes invalid and can't be renewed after 5 minutes...
> 
> KR,
> 
> Oliver
> 
> Am 18.07.2012 um 18:06 schrieb Tiago Elvas:
> 
> > Hi there,
> >
> > I am experience problems at the time of ticket renewal.
> > For this test I am using 5minute tickets (for quick testing) and so:
> >
> > # /var/kerberos/krb5kdc/kdc.conf
> > max_life = 5m 0s
> > max_renewable_life = 5m 0s
> > # /etc/krb5.conf
> > ticket_lifetime = 5m
> > renew_lifetime = 5m
> >
> > The principal in use is named "opends".
> >
> > I log in and this is my ticket:
> >
> > [opends ~]$ klist -f
> >> Ticket cache: FILE:/tmp/krb5cc_505
> >> Default principal: opends at DOMAIN.COM
> >> Valid starting     Expires            Service principal
> >> 07/18/12 18:01:33  07/18/12 18:06:33  krbtgt/DOMAIN.COM at DOMAIN.COM
> >>        renew until 07/18/12 18:06:33, Flags: FPRIA
> >>
> >> Kerberos 4 ticket cache: /tmp/tkt505
> >> klist: You have no tickets cached
> >
> >
> > I then do "kinit -R",
> >
> > [opends ~]$ kinit -R
> >> [opends ~]$ echo $?
> >> 0
> >> [opends ~]$
> >> [opends@ ~]$ klist -f
> >> Ticket cache: FILE:/tmp/krb5cc_505
> >> Default principal: opends at DOMAIN.COM
> >
> > Valid starting     Expires            Service principal
> >> 07/18/12 18:02:25  07/18/12 18:06:33  krbtgt/DOMAIN.COM at DOMAIN.COM
> >
> >        renew until 07/18/12 18:06:33, Flags: FPRIAT
> >>
> >> Kerberos 4 ticket cache: /tmp/tkt505
> >> klist: You have no tickets cached
> >
> >
> >
> > Does anybody know why this is happening?
> > The system is intended to be used along several and "random" days and I
> > should not get a ticket expired error so it should be automatic (like in a
> > cronjob doing this kinit -R)
> >
> > Thanks in advance.
> >
> > Best regards,
> > Tiago
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> 
>

More information about the Kerberos mailing list