On credential cache separation between service ticket and TGT
Greg Hudson
ghudson at MIT.EDU
Tue Mar 25 11:56:05 EDT 2014
On 03/25/2014 11:19 AM, Arpit Srivastava wrote:
> I call gss_init_sec_context with say, /time_req = 20 mins. /Every time
> the service ticket hence obtained expires, a new service ticket is
> obtained with 20 mins validity, instead of renewing the one already
> existing in the cache (so, there are two tickets of same SPN but with
> different validity time stamps). I observed that if I pass time_req =
> GSS_C_INDEFINITE, the same ticket is renewed and a new ticket is not
> created. It would be great if you can provide some insights.
To the best of my knowledge, gss_init_sec_context has no support for
renewing service tickets, only getting new ones using a TGT.
More information about the Kerberos
mailing list