Man page description of kinit -R

Jeffrey Altman jaltman at secure-endpoints.com
Thu Sep 4 00:16:03 EDT 2014


On 9/3/2014 8:41 PM, Brett Randall wrote:
> Hi,
> 
> krb5-1.10.1 here.
> 
> My local man page for kinit (as well as
> http://web.mit.edu/kerberos/krb5-1.12/doc/user/user_commands/kinit.html
> ) has the following description of the kinit -R option:
> 
> -R: requests renewal of the ticket-granting ticket. Note that an
> expired ticket cannot be renewed, even if the ticket is still within
> its renewable life.
> 
> Does the comment "an expired ticket cannot be renewed" remain true,
> and if so, can someone help me understand "expired" in this context?
> If I have a ticket which has an "Expires" date-time (as reported by
> klist) which is in the past, but a "renew until" date which is in the
> future, I can successfully renew the ticket using kinit -R.  I see
> this as renewal of an expired, but renewable and
> within-renewable-period ticket.

Your understanding is correct.   What KDC is renewing such a ticket?

> Is that expected, and is the above comment now a doc-bug?

It is not expected and would be a KDC side bug.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4529 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20140904/ac1589fb/attachment.bin


More information about the Kerberos mailing list