Fwd: Kerberos5 ticket auto renewal

Tomas Kuthan tomas.kuthan at oracle.com
Tue Mar 18 10:09:46 EDT 2014


On 03/18/14 03:00 PM, Wendy Lin wrote:
> On 18 March 2014 13:54, Tomas Kuthan<tomas.kuthan at oracle.com>  wrote:
>> Hi Wendy,
>>
>> (I can only comment on Solaris)
>>
>> I suppose, you are referring to automatic renewal of tickets by
>> ktkt_warnd. ktkt_warn service is enabled by default, but there are
>> upgrade scenarios, were you can end up with ktkt_warn disabled. Run
>> 'svcs ktkt_warn' to confirm.
>>
>> If ktkt_warn is up and running, it could also be user-principal
>> discrepancy. IIRC, ktkt_warn won't register a warning for a principal
>> that doesn't map to your uid (such as running 'kinit username' as root).
>
> 1. Where can I find ktkt_warn for Linux?

I don't think there is one.

> 2. ktkt_warn seems to be broken in Illumos and Solaris 11, see
> https://www.illumos.org/issues/3271

I am using ktkt_warn myself on Solaris 11.1 and it works fine for me.
I cannot comment on Illumos.

Tomas



More information about the Kerberos mailing list