MSFT KDC renew behaviour
hartmans at MIT.EDU
Mon Jan 9 07:13:50 EST 2006
>>>>> "Paul" == Paul Moore <paul.moore at centrify.com> writes:
Paul> MSFT will renew a tgt and give it an end-time that goes
Paul> beyond the original ticket's renew-until time. The
Paul> renew-until time must not have passed - that works
Paul> correctly. But they will issue a new ticket with an end time
Paul> = to, say, Renew-until + 10 hours
This list is a development list for MIt Kerberos. Discussions of
whether Microsoft KDC behavior are correct or not are not on topic for
If you want to know what Microsoft does, talk to them. If you believe
it is incorrect, again, Microsoft is the only company in a position to
help you fix that.
If you're finding that MIT Kerberos deals poorly with the Microsoft
behavior, then by all means bring it up here.
If you find that the spec is unclear or have questions about the spec,
then please ask on the IETF list.
More information about the krbdev