Fwd: Kerberos5 ticket auto renewal
Predrag Zecevic [Unix Systems Administrator]
Predrag.Zecevic at 2e-systems.com
Tue Mar 18 10:14:26 EDT 2014
On 03/18/14 03:00 PM, Wendy Lin wrote:
> On 18 March 2014 13:54, Tomas Kuthan <tomas.kuthan at oracle.com> wrote:
>> Hi Wendy,
>>
>> (I can only comment on Solaris)
>>
>> I suppose, you are referring to automatic renewal of tickets by
>> ktkt_warnd. ktkt_warn service is enabled by default, but there are
>> upgrade scenarios, were you can end up with ktkt_warn disabled. Run
>> 'svcs ktkt_warn' to confirm.
>>
>> If ktkt_warn is up and running, it could also be user-principal
>> discrepancy. IIRC, ktkt_warn won't register a warning for a principal
>> that doesn't map to your uid (such as running 'kinit username' as root).
>
> 1. Where can I find ktkt_warn for Linux?
> 2. ktkt_warn seems to be broken in Illumos and Solaris 11, see
> https://www.illumos.org/issues/3271
>
> Wendy
Hi,
I guess that Solaris/OpenIndiana Kerberos implementation is somehow
changed /broken ?/ and indeed ktkt_warn is (was) not working [see bug
https://www.illumos.org/issues/3271 - if you feel lucky, you can try to
open new one].
Meantime, I have tried (and I am using) k5start utility:
http://www.eyrie.org/~eagle/software/kstart/k5start.html
NOTE: you can use k5start for Linux:
$ yum provides "*/k5start"
...
kstart-4.1-2.el6.x86_64 : Daemon version of kinit for Kerberos v5
Regards.
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH
Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile: +49 174 3109 288, Skype: predrag.zecevic
E-mail: predrag.zecevic at 2e-systems.com
Headquarter: 2e Systems GmbH, Königsteiner Str. 87,
65812 Bad Soden am Taunus, Germany
Company registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director: Phil Douglas
http://www.2e-systems.com/ - Making your business fly!
[***]===---
Live in a world of your own, but always welcome visitors.
More information about the Kerberos
mailing list