[krbdev.mit.edu #1199] Local host login results in host ticket that expires in 5 minutes
Ken Raeburn via RT
rt-comment at krbdev.mit.edu
Mon Sep 30 13:56:56 EDT 2002
"Sam Hartman via RT" <rt-comment at krbdev.mit.edu> writes:
> I'd recommend getting a full lifetime ticket and also causing the
> ccache routines not to return expired tickets when being called by
> something like mk_req.
Not quite that simple -- under what circumstances should we still
return "ticket expired" instead of "no ticket"? Presumably for the
TGT, but that's information the ccache layer shouldn't be dealing
with. Probably the next layer up should be checking for expired
tickets.
But yes, it makes no sense to have the acquired host ticket have a
shorter lifetime than the TGT.
Ken
More information about the krb5-bugs
mailing list