k5start -K and ticket renewals
Russ Allbery
eagle at eyrie.org
Thu Jan 16 19:04:40 EST 2014
Nico Williams <nico at cryptonector.com> writes:
> Ideally the auto-renewal wake-up timer should be automatically set from
> the TGT's lifetime (and libkrb5 should automatically handle any faster
> expiration of non-initial tickets). Then -K shouldn't be needed.
Well, -K is how one says to run as a daemon at all, so you still need the
flag, but possibly not its value.
> The hard part is how to handle transient renewal errors, particularly
> when the ticket's original lifetime was short (but renew lifetime
> long).
If acquiring credentials fails, k5start (and krenew) try every minute
until they succeed again regardless of the -K value.
--
Russ Allbery (eagle at eyrie.org) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list