Re-authentication vs Renewal of credentials by a service and the impact to clients
Todd Grayson
tgrayson at cloudera.com
Thu May 12 09:48:18 EDT 2016
Hello,
When a service re-authenticates to the KDC, effectively getting a new TGT,
are the service tickets related to previous instance of the TGT for that
service, no longer valid?
That is, does a service re-authenticating to a KDC, rather than renewing,
cause all the current related service tickets to no longer be valid and in
turn trigger all those clients holding the previous generation of tickets,
to re-request a service ticket at that point from the KDC?
Or is that service ticket durable, and will it survive replacement (not
renewal) of the underlying TGT?
More information about the Kerberos
mailing list