GSS krb5 mech and ticket expiration
Henry B. Hotz
hotz at jpl.nasa.gov
Wed Jun 9 14:37:59 EDT 2010
On Jun 9, 2010, at 9:04 AM, krbdev-request at mit.edu wrote:
> I recently committed a change to stop checking for context expiration
> times in the krb5 GSS mech's wrap and unwrap functions. From the
> commit message:
In an ideal world, I would argue that app's should renew tgt's and rekey sessions transparently as needed. However in practice it seems to me that most services will allow a session or operation to continue to completion, and at most enforce ticket expiration for new operations.
+1, since it seems to match current practice better.
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the krbdev
mailing list