renew ticket failed
Greg Hudson
ghudson at mit.edu
Thu Nov 9 18:52:33 EST 2023
On 11/8/23 16:13, Dong Ye wrote:
> we encountered an issue where we can't renew the ticket before the
> ticket expires. Seems the ticket is renewable but its renew_till time is
> before its end_time. How is it possible?
It's possible if the ticket was requested that way ("kinit -l 2h -r 1h"
for instance). For a period of time (1.12 through 1.15) the MIT krb5
KDC issued non-renewable tickets for such requests, but that was found
to be disruptive to scripts, so it once again issues renewable tickets
whose end times can't be extended.
More information about the Kerberos
mailing list