Ticket expires 120 seconds early?

Stephen Carville scarville at lereta.com
Thu Apr 2 10:25:05 EDT 2015


My first suspicion is that the clocks on the machines are out of sync.

On 04/02/2015 06:16 AM, Robbert Eggermont [Masked] wrote:
> Hi,
> 
> For some time (years) I've been using tickets with a 1 minute lifetime 
> (in cron jobs). Lately, this is giving me problems:
> 
> $ kinit -l 1m -k -t <keytab> <principal> && kvno 'host/<host>'
> kvno: Ticket expired while getting credentials for host/<host>@<domain>
> 
> With RHEL7 (krb5-1.12.2), the problems seem to be much worse, so I did a 
> little experimentation which seems to indicate some kind of limit at 120s:
> 
> $ kinit -l 120s -k -t <keytab> <principal> && kvno 'host/<host>'
> kvno: Ticket expired while getting credentials for host/<host>@<domain>
> $ kinit -l 121s -k -t <keytab> <principal> && kvno 'host/<host>' 
> host/<host>@<domain>: kvno = 3
> 
> The first fails 90% of the time, the second succeeds 90% of the time.
> 
> What am I seeing here, and is it supposed to be like this?
> 
> Thanks,
> 
> Robbert
> 

-- 
Stephen Carville
1123 Park View Drive | Covina, CA 91724
626-339-5221 X1326
scarville at lerNOSPAMeta.com
=================================================
laeti vescimur nos subacturis
=================================================


More information about the Kerberos mailing list