Kinit - Renewal Process

Sam Hartman hartmans at MIT.EDU
Thu Jan 26 18:43:50 EST 2006

>>>>> "ryan" == ryan d jarvis <ryan.d.jarvis at> writes:

    ryan> I have tried the kinit -R feature, but have been getting the
    ryan> following error message: kinit(v5): Internal credentials
    ryan> cache error when initializing cache
    ryan> MSLSA:rdjarvi at UPSTREAMACCTS.XOM.COM

I would expect your Windows machine to renew the credentials
automatically as they approach expiration.

It may be that if you are using smart cards there is a bug because the
LSA would be able to renew credentials but not obtain new ones.

You can use the ms2mit utility to copy credentials from an MSLSA cache
into an API cache and you can renew them there.  Unfortunatly you can
only use the API cache with your MIT KFW applications.

There will be a better solution for Windows Vista and a future version
of KFW.  Under that version of KFW, the MSLSA cache is fully writable.

Sam Hartman
Manager, MIT Kerberos Team

More information about the krbdev mailing list