MSFT KDC renew behaviour

Paul Moore paul.moore at
Mon Jan 9 12:11:19 EST 2006

I was assuming that this list was the repository of the correct
interpretation of RFC1510. Can you please direct me to which list is

-----Original Message-----
From: Sam Hartman [mailto:hartmans at] 
Sent: Monday, January 09, 2006 4:14 AM
To: Paul Moore
Cc: krbdev at MIT.EDU
Subject: Re: MSFT KDC renew behaviour

>>>>> "Paul" == Paul Moore <paul.moore at> writes:

    Paul> MSFT will renew a tgt and give it an end-time that goes
    Paul> beyond the original ticket's renew-until time. The
    Paul> renew-until time must not have passed - that works
    Paul> correctly. But they will issue a new ticket with an end time
    Paul> = to, say, Renew-until + 10 hours

This list is a development list for MIt Kerberos.  Discussions of
whether Microsoft KDC behavior are correct or not are not on topic for
this list.

If you want to know what Microsoft does, talk to them.  If you believe
it is incorrect, again, Microsoft is the only company in a position to
help you fix that.

If you're finding that MIT Kerberos deals poorly with the Microsoft
behavior, then by all means bring it up here.

If you find that the spec is unclear or have questions about the spec,
then please ask on the IETF list.


More information about the krbdev mailing list