MSFT KDC renew behaviour

Sam Hartman hartmans at MIT.EDU
Mon Jan 9 07:13:50 EST 2006


>>>>> "Paul" == Paul Moore <paul.moore at centrify.com> writes:

    Paul> MSFT will renew a tgt and give it an end-time that goes
    Paul> beyond the original ticket's renew-until time. The
    Paul> renew-until time must not have passed - that works
    Paul> correctly. But they will issue a new ticket with an end time
    Paul> = to, say, Renew-until + 10 hours

This list is a development list for MIt Kerberos.  Discussions of
whether Microsoft KDC behavior are correct or not are not on topic for
this list.

If you want to know what Microsoft does, talk to them.  If you believe
it is incorrect, again, Microsoft is the only company in a position to
help you fix that.

If you're finding that MIT Kerberos deals poorly with the Microsoft
behavior, then by all means bring it up here.

If you find that the spec is unclear or have questions about the spec,
then please ask on the IETF list.

--Sam




More information about the krbdev mailing list