Question about how to obtain renewable ticket?

Neng Xue neng.xue at oracle.com
Mon Apr 13 17:39:55 EDT 2015


Hi Greg,

Thanks so much! I should have asked you sooner. It was because that the 
krbtgt/NEXUE.COM did not have a max renewable lifetime :)

Best,
Neng

On 04/13/15 02:30 PM, Greg Hudson wrote:
> On 04/13/2015 05:13 PM, Neng Xue wrote:
>> However, when I used 'kinit -r 20m', the klist -f output was:
> The KDC won't issue a renewable ticket if you request a lifetime greater
> than the renewable lifetime.  You could try "kinit -l 10m -r 20m", or
> "kinit -r 2d" or something.
>
> Also make sure that krbtgt/NEXUE.COM has a max renewable lifetime; the
> KDC checks both the client and server principal entries.
>

-- 
Neng Xue
Oracle Solaris Software Engineer
Santa Clara, CA, USA



More information about the Kerberos mailing list