Can't acquire stored impersonated creds from cache

Greg Hudson ghudson at mit.edu
Mon Sep 21 11:17:09 EDT 2015


On 09/21/2015 09:03 AM, Martin Gee wrote:
> OK, I was testing added it via kinit -k -l (shorter life) to see if it
> would refresh (and it wasn't). 

I should note we have an open ticket about this:

    http://krbdev.mit.edu/rt/Ticket/Display.html?id=7976

> QQ) what happens after the "renew until date" expires? I'm assuming I'd
> need to destroy?

The client keytab facility does not use renewals to get new tickets; it
uses the client keytab to get new ones with an AS request.  So the
renew-till date is irrelevant.


More information about the Kerberos mailing list