[WinPartners] Case 639144: Kerberos tickets never expire (?)

Eduardo Gonzalez eduardog at MIT.EDU
Thu Aug 12 13:52:15 EDT 2004 

Bryant,

Bingo! To get Kerberos to behave the way it used to, I did the following:

1. in leash, click on Options, Kerberos Properties, Ticket Lifetime and ... .
2. Enter the following numbers (from top to bottom and left to right)
0, 10, 0; 0, 10, 0
0, 0, 5; 0, 10, 0
0, 10, 0; 0, 10, 0

After doing this, I obtained tickets and selected a lifetime of 5 minutes. After the 5 minutes, the tickets expired, and I was prompted to renew them.

Hopefully this will help anybody who was affected by this change in behavior in the new Kerberos.  As I mentioned to others, this was not a huge issue because my computer is not a public station (also, when my screen saver comes on, it locks the computer). However, I thought it'd be worthwhile to put in my 2-cents-worth to those concerned. Since Kerberos is the means by which we get secure computing done around here (and elsewhere), I felt it was important to bring up this issue that to me, at first sight, seemed like a bug. At the very least documentation could be updated (or the Help button in Leash could provide definitions as to what all those fields mean).

Thanks

Eduardo 


At 01:05 PM 8/12/2004, Bryant C. Vernon wrote:
>Hi Eduardo,
>
>I would like to take a look at your machine and review your Kerberos configuration to see if we can get to the bottom of this mystery. 
>
>All the Best,
>Bryant 
>
>
>----------------
>Bryant C. Vernon
>Product Release Coordinator
>Software Release Team
>Massachusetts Institute of Technology
>http://web.mit.edu/swrt
>t: 617-253-5103
>f: 617-258-8736
>m: bcvernon at mit.edu
>
>-----Original Message-----
>From: winpartners-bounces at MIT.EDU [mailto:winpartners-bounces at MIT.EDU] On Behalf Of Eduardo Gonzalez
>Sent: Thursday, August 12, 2004 12:45 PM
>To: Paul Dzus; Eduardo Gonzalez
>Cc: winpartners at mit.edu
>Subject: Re: [WinPartners] Kerberos tickets never expire (?)
>
>I do see those options that you're talking about, but I never changed it from the default (default ticket lifetime 10 hours). Its gotta be some sort of bug. This didn't happen with Kerberos 2.5. Its not a huge deal to me at all.. since my computer just locks itself automatically when the screen saver comes on, but its not supposed to work this way.
>
>I'll keep on providing feedback to either the Help Desk or to the Kerberos team, if there is such a thing.
>
>Eduardo
>
>At 11:24 AM 8/11/2004, Paul Dzus wrote:
>>I found that when you initialize tickets via the Leash32 interface, there's options for Ticket Lifetime (maximum of 1 day) but there's options for getting tickets that renew (with a maximum of 30 days!).  Maybe that renewal is happening automatically?
>>
>>I had not enabled that option but left my ticket lifetime at the default 10 hours.
>>
>>Paul K. Dzus
>>Network and Information Technology Manager
>>The MIT Press (NE25-4007)
>>Five Cambridge Center, Suite 4
>>Cambridge, MA 02142-1493  USA
>>Telephone       (617) 258-6783
>>FAX             (617) 258-6779
>>e-mail: pdzus at mit.edu
>>URL:            http://mitpress.mit.edu/
>>
>>
>>
>>
>>At 10:57 AM 8/11/2004, Eduardo Gonzalez wrote:
>>>Dear Computing Help Desk,
>>>
>>>Is it my machine or has anyone seen this? Ever since installing the new version of Kerberos (version 2.6.3; Windows XP Pro), my tickets apparently never expire. For example, when I come back from the weekend my tickets are still valid and when I open Eudora my email just downloads! It happens every morning. Should I be surprised by this..? I don't remember reading anything in the release notes as to this change in behavior, and I'm concerned for obvious reasons. I haven't looked at its settings because I wanted to run this by you first.
>>>
>>>Eduardo

More information about the winpartners mailing list