Generate AS-REQ with RENEWABLE_OK flag?
Henry B. Hotz
hotz at jpl.nasa.gov
Thu Jul 12 15:12:42 EDT 2007
On Jul 12, 2007, at 11:26 AM, Jeffrey Altman wrote:
> Henry B. Hotz wrote:
>> On Jul 12, 2007, at 6:44 AM, Sam Hartman wrote:
>>
>>>>>>>> "Henry" == Henry B Hotz <hotz at jpl.nasa.gov> writes:
>>> Henry> How do I generate a an AS_REQ with the RENEWABLE_OK flag
>>> Henry> set?
>>>
>>> for a while now we've set that flag by default.
>>
>> That's not what wireshark says. I'll have to provide more info.
>
> KDC_OPT_RENEWABLE_OK is the default value of [libdefaults]
> "kdc_default_options".
No such option in krb5.conf man page on 1.6.1. (Yeah, I know, use
the source, Luke.)
> The flag is removed if the renew_till value is
> non-zero or if KDC_OPT_RENEWABLE is set.
>
> Jeffrey Altman
I was explicitly setting both the lifetime and the renew lifetime
options in the request. Trying to manually recreate a request like
Solaris pam_krb5 makes, since that's so awkward to set up. What
you're saying is that RENEWABLE_OK goes away as soon as you try to be
explicit for debugging. P-(
This gives me something to look at. Thanks!
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the krbdev
mailing list