GSSAPI - context lifetime

Nicolas Williams Nicolas.Williams at
Thu May 29 17:50:29 EDT 2008

On Thu, May 29, 2008 at 04:45:22PM -0500, Nicolas Williams wrote:
> On Thu, May 29, 2008 at 02:23:09PM -0700, Russ Allbery wrote:
> > Because all products of a Kerberos authentication should be tied to a
> > ticket lifetime.  Otherwise, the ticket lifetime isn't meaningfully
> > enforced; someone who obtains a ticket at some point could authenticate to
> > a service and simply stay authenticated, and there would be no good way of
> > rejecting their later operations.
> You'd think.  And I agree.

Well, I just disagreed with me.

More information about the krbdev mailing list