Man page description of kinit -R

Brett Randall javabrett at gmail.com
Thu Sep 4 10:24:24 EDT 2014


On 4 September 2014 23:29, Kevin Coffman <kwc at umich.edu> wrote:
> Hi Brett,
> Just a thought.  Is the ticket perhaps expired but still within the clock
> skew window?

Good point, but I don't think so.  The default (max) clockskew is 5
minutes, so I waited until 10 minutes after my TGT expired - it was
able to be renewed with kinit -R.

>
> K.C.
>
>
> On Wed, Sep 3, 2014 at 8:41 PM, Brett Randall <javabrett at gmail.com> wrote:
>>
>> Hi,
>>
>> krb5-1.10.1 here.
>>
>> My local man page for kinit (as well as
>> http://web.mit.edu/kerberos/krb5-1.12/doc/user/user_commands/kinit.html
>> ) has the following description of the kinit -R option:
>>
>> -R: requests renewal of the ticket-granting ticket. Note that an
>> expired ticket cannot be renewed, even if the ticket is still within
>> its renewable life.
>>
>> Does the comment "an expired ticket cannot be renewed" remain true,
>> and if so, can someone help me understand "expired" in this context?
>> If I have a ticket which has an "Expires" date-time (as reported by
>> klist) which is in the past, but a "renew until" date which is in the
>> future, I can successfully renew the ticket using kinit -R.  I see
>> this as renewal of an expired, but renewable and
>> within-renewable-period ticket.
>>
>> Is that expected, and is the above comment now a doc-bug?
>>
>> Thanks
>> Brett
>> ________________________________________________
>> Kerberos mailing list           Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
>
>
> --
>
> Kevin Coffman
> Learning Informatics,
> Enabling Technologies,
> Medical School Information Services Learning Program
> University of Michigan Medical School
> 517 917 0592 (google voice)
> 734 330 4706 (cell)
> kwc at umich.edu


More information about the Kerberos mailing list