Re-authentication vs Renewal of credentials by a service and the impact to clients

Todd Grayson tgrayson at cloudera.com
Thu May 12 09:48:18 EDT 2016


Hello,

When a service re-authenticates to the KDC, effectively getting a new TGT,
are the service tickets related to previous instance of the TGT for that
service, no longer valid?

That is, does a service re-authenticating to a KDC, rather than renewing,
cause all the current related service tickets to no longer be valid and in
turn trigger all those clients holding the previous generation of tickets,
to re-request a service ticket at that point from the KDC?

Or is that service ticket durable, and will it survive replacement (not
renewal) of the underlying TGT?


More information about the Kerberos mailing list