TGT for principals getting destroyed automatically

Gaurav Dasgupta gdsayshi at gmail.com
Thu May 2 06:31:52 EDT 2013


Hi,

I have setup Kerberos in my CentOS cluster, added principals and modified
their ticket_lifetime and renew_lifetime for 1 year. From "kadmin.local", I
entered the command "getprinc <princ>" to get the setting details for the
pincipal and verified the modifications.

Doing "kinit" and the "klist" for the principal, I can see the ticket
lifetime and renewal lifetime - both are set to 365 days. Hence, TGT for
the principal should be valid till 1 year, and I need not kinit before that.

But all of a sudden, after few days, the TGT got destroyed automatically
for the principal. I confirmed it with the "klist" command. I had to do
kinit again for the principal. The principal got valid TGT near about same
time across the cluster. Only in 1 machine, it got destroyed. Again after
few days, TGT got destroyed in 2 other machines for a principal (This time
for a different principal), but in other machines they are alive.

This is a strange behaviour as I am manually not using the "kdestroy"
command. Has anyone faced a similar issue? How can I track what's going
wrong with the TGT? Which logs will tell me that when and how the TGT is
getting destroyed?

Thanks,
Gaurav


More information about the Kerberos mailing list