Generate AS-REQ with RENEWABLE_OK flag?

Jeffrey Altman jaltman at secure-endpoints.com
Thu Jul 12 15:18:35 EDT 2007


Henry B. Hotz wrote:
> I was explicitly setting both the lifetime and the renew lifetime
> options in the request.  Trying to manually recreate a request like
> Solaris pam_krb5 makes, since that's so awkward to set up.  What
> you're saying is that RENEWABLE_OK goes away as soon as you try to be
> explicit for debugging.  P-(
I'm saying that KDC_OPT_RENEWABLE and KDC_OPT_RENEWABLE_OK should not be
set at the same time.  If you explicitly ask for a renewable ticket by
setting a renew_till time, then KDC_OPT_RENEWABLE_OK will not be sent.

Jeffrey Altman
Secure Endpoints Inc.
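
The flag rule described in the reply above, as an added example that is not part of the original post and is not MIT krb5's own code. The struct, its `want_renewable_ok` preference field and the function names are hypothetical; the bit values are the KDCOptions positions from RFC 4120.

```c
#include <stdint.h>
#include <stdio.h>

/* KDCOptions bits per RFC 4120 (bit 0 is the most significant bit). */
#define KDC_OPT_FORWARDABLE   0x40000000u  /* bit 1  */
#define KDC_OPT_RENEWABLE     0x00800000u  /* bit 8  */
#define KDC_OPT_RENEWABLE_OK  0x00000010u  /* bit 27 */

/* Hypothetical request parameters; 0 means "not requested". */
struct as_req_params {
    uint32_t lifetime;          /* requested ticket lifetime, seconds */
    uint32_t renew_lifetime;    /* requested renew_till span, seconds */
    int forwardable;
    int want_renewable_ok;      /* assumed caller preference */
};

/* Model of the rule in the message: an explicit renew_till selects
 * RENEWABLE, and RENEWABLE_OK is then not sent even if it was wanted. */
uint32_t build_kdc_options(const struct as_req_params *p)
{
    uint32_t opts = 0;

    if (p->forwardable)
        opts |= KDC_OPT_FORWARDABLE;
    if (p->renew_lifetime > 0)
        opts |= KDC_OPT_RENEWABLE;
    else if (p->want_renewable_ok)
        opts |= KDC_OPT_RENEWABLE_OK;
    return opts;
}

/* Check a kdc-options value taken from a trace: returns 1 when both
 * renewable flags are set together, which the message says should not happen. */
int kdc_options_conflict(uint32_t opts)
{
    uint32_t both = KDC_OPT_RENEWABLE | KDC_OPT_RENEWABLE_OK;
    return (opts & both) == both;
}

int main(void)
{
    /* Constructed sample: explicit lifetime and renew lifetime, as in the thread. */
    struct as_req_params explicit_req = { 36000, 604800, 0, 1 };
    uint32_t opts = build_kdc_options(&explicit_req);

    printf("kdc-options 0x%08x conflict=%d\n", (unsigned)opts,
           kdc_options_conflict(opts));
    return 0;
}
```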


