kerberos ticket cache

Simo Sorce simo at redhat.com
Fri Jul 17 09:13:13 EDT 2015


----- Original Message -----
> From: "John Devitofranceschi" <jdvf at optonline.net>
> To: kerberos at mit.edu
> Cc: "Simo Sorce" <simo at redhat.com>
> Sent: Friday, July 17, 2015 6:52:01 AM
> Subject: Re: kerberos ticket cache
> 
> 
> > On Jul 10, 2015, at 10:06 AM, Simo Sorce <simo at redhat.com> wrote:
> > 
> > 
> > The same is true for Kerberized NFS in Linux: the session keys are stored in
> > the kernel and there is currently no way to revoke them. However, once
> > the session is destroyed, the kernel will not be able to recreate it.
> > 
> 
> How long does it take for the stored session keys to expire after the ccache
> is destroyed? Is it based on ticket lifetime?

Yes, the "endtime" of the established context is passed down to the kernel, and
it will be used to check when the context expires. When it does, the kernel returns
an "Expired Context" error.

Simo.

