GSS krb5 mech and ticket expiration

Henry B. Hotz hotz at
Wed Jun 9 14:37:59 EDT 2010

On Jun 9, 2010, at 9:04 AM, krbdev-request at wrote:

> I recently committed a change to stop checking for context expiration
> times in the krb5 GSS mech's wrap and unwrap functions.  From the
> commit message:

In an ideal world, I would argue that app's should renew tgt's and rekey sessions transparently as needed.  However in practice it seems to me that most services will allow a session or operation to continue to completion, and at most enforce ticket expiration for new operations.

+1, since it seems to match current practice better.

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at, or hbhotz at

More information about the krbdev mailing list