Renewable tickets
Sam Hartman
hartmans at MIT.EDU
Mon Feb 2 11:37:26 EST 2004
>>>>> "Russell" == Russell King <rmk at arm.linux.org.uk> writes:
Russell> Hi, I'm not sure if this is the correct place for this.
Russell> I'm experimenting with Kerberos 1.3.1 with pam as
Russell> packaged with Fedora Core 1 from Red Hat. I'm seeing a
Russell> problem when trying to get renewable principals/tickets
Russell> working.
Are they really using stock 1.3? I'm fairly certain we fixed this bug
late in the 1.3 release cycle before the release.
Russell> So:
Russell> - should the kerberos client library have a hardcoded
Russell> lifetime of one day?
It certainly does. There is not a krb5.conf parameter to adjust this
(nor is there one documented) in the MIT code.
Russell> - should the kerberos client libraries allow these
Russell> requests for renewable tickets with renewlife < lifetime?
I don't see why not; it is a fairly strange request though.
Russell> - should krb5kdc extend the renewable ticket lifetime if
Russell> it has shortened the returned ticket lifetime?
If renewable_ok is set, yes. That's what the spec says.
More information about the krbdev
mailing list