Fwd: Kerberos5 ticket auto renewal

Wendy Lin wendlin1974 at gmail.com
Tue Mar 18 10:13:10 EDT 2014


On 18 March 2014 15:09, Tomas Kuthan <tomas.kuthan at oracle.com> wrote:
> On 03/18/14 03:00 PM, Wendy Lin wrote:
>>
>> On 18 March 2014 13:54, Tomas Kuthan<tomas.kuthan at oracle.com>  wrote:
>>>
>>> Hi Wendy,
>>>
>>> (I can only comment on Solaris)
>>>
>>> I suppose, you are referring to automatic renewal of tickets by
>>> ktkt_warnd. ktkt_warn service is enabled by default, but there are
>>> upgrade scenarios, were you can end up with ktkt_warn disabled. Run
>>> 'svcs ktkt_warn' to confirm.
>>>
>>> If ktkt_warn is up and running, it could also be user-principal
>>> discrepancy. IIRC, ktkt_warn won't register a warning for a principal
>>> that doesn't map to your uid (such as running 'kinit username' as root).
>>
>>
>> 1. Where can I find ktkt_warn for Linux?
>
>
> I don't think there is one.

How can ktkt_warn renew tickets without having a password?

>
>
>> 2. ktkt_warn seems to be broken in Illumos and Solaris 11, see
>> https://www.illumos.org/issues/3271
>
>
> I am using ktkt_warn myself on Solaris 11.1 and it works fine for me.
> I cannot comment on Illumos.

I was talking about Solaris 11.0

Wendy


More information about the Kerberos mailing list