Fwd: Kerberos5 ticket auto renewal
Tomas Kuthan
tomas.kuthan at oracle.com
Tue Mar 18 08:54:36 EDT 2014
Hi Wendy,
(I can only comment on Solaris)
I suppose, you are referring to automatic renewal of tickets by
ktkt_warnd. ktkt_warn service is enabled by default, but there are
upgrade scenarios, were you can end up with ktkt_warn disabled. Run
'svcs ktkt_warn' to confirm.
If ktkt_warn is up and running, it could also be user-principal
discrepancy. IIRC, ktkt_warn won't register a warning for a principal
that doesn't map to your uid (such as running 'kinit username' as root).
Tomas
On 03/18/14 01:32 PM, Wendy Lin wrote:
> Forwarding it here. What is the default Kerberos5 behaviour? I log in
> with pam_krb or kinit, but the tickets for nfs/ are not renewed. Why?
>
> Wendy
>
> ---------- Forwarded message ----------
> From: Wendy Lin<wendlin1974 at gmail.com>
> Date: 18 March 2014 11:05
> Subject: Kerberos5 ticket auto renewal
> To: "developer at lists.illumos.org"<developer at lists.illumos.org>
>
>
> Does Solaris/Illumos/Openindiana Kerberos5 do not renew tickets
> automatically in the default configuration?
>
> I noticed that if I do kinit to authenticate a test user the tickets
> are not renewed automatically after a day. Does anyone know why this
> happens?
>
> Wendy
>
>
More information about the Kerberos
mailing list