Ticket expires 120 seconds early?
Robbert Eggermont
R.Eggermont at tudelft.nl
Thu Apr 2 09:16:08 EDT 2015
Hi,
For some time (years) I've been using tickets with a 1 minute lifetime
(in cron jobs). Lately, this is giving me problems:
$ kinit -l 1m -k -t <keytab> <principal> && kvno 'host/<host>'
kvno: Ticket expired while getting credentials for host/<host>@<domain>
With RHEL7 (krb5-1.12.2), the problems seem to be much worse, so I did a
little experimentation which seems to indicate some kind of limit at 120s:
$ kinit -l 120s -k -t <keytab> <principal> && kvno 'host/<host>'
kvno: Ticket expired while getting credentials for host/<host>@<domain>
$ kinit -l 121s -k -t <keytab> <principal> && kvno 'host/<host>'
host/<host>@<domain>: kvno = 3
The first fails 90% of the time, the second succeeds 90% of the time.
What am I seeing here, and is it supposed to be like this?
Thanks,
Robbert
--
Robbert Eggermont Intelligent Systems
R.Eggermont at tudelft.nl Electr.Eng., Mathematics & Comp.Science
+31 15 27 83234 Delft University of Technology
More information about the Kerberos
mailing list