[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Ticket Renewal not working.
At 8:10 PM +0200 7/29/03, Love wrote:
>Love <lha@stacken.kth.se> writes:
>
>> "Henry B. Hotz" <hotz@jpl.nasa.gov> writes:
>>
>>> KDC is Heimdal on NetBSD-current from a few months ago, something like
>>> 0.51 or 0.52 I think. The principal has reasonable lifetime limits,
>>> something like a day, with at least a week renewable.
>>>
>>> As of the MIT 1.3 code base the GUI in KfW and KfM will auto-renew
>>> tickets so I'd like to make sure that feature works.
>>
>> You have to request renewable ticket before they are renewable.
>>
>> kinit --renewable
>
>Or
>
>kinit --renewable-life='1 week'
>
>or add it to krb5.conf (see manpage)
Added an appdefaults section to the krb5.conf file on Solaris and it
works fine. Presume NetBSD will be same. I probably should have
noticed that renewable was a separate flag that had to be requested.
Sorry for the noise.
However on OSX.2.6 I still have the following:
>[laphotz:dist/krb-doc/afs-krb5] hotz% kinit -r 7d -l 1d hotz@HOTZ.JPL.NASA.GOV
>Kerberos Login:
>Please enter the password for hotz@HOTZ.JPL.NASA.GOV:
>MacLeland: Couldn't get jpl.nasa.gov AFS tickets: Don't have
>Kerberos ticket-granting ticket
>[laphotz:dist/krb-doc/afs-krb5] hotz% klist -f
>Kerberos 5 ticket cache: 'API:0'
>Default Principal: hotz@HOTZ.JPL.NASA.GOV
>Valid Starting Expires Service Principal
>07/29/03 13:04:44 07/30/03 13:04:37
>krbtgt/HOTZ.JPL.NASA.GOV@HOTZ.JPL.NASA.GOV
> renew until 08/05/03 13:04:37, FPRI
>
>Kerberos 4 ticket cache: '0'
>Default Principal: hotz@HOTZ.JPL.NASA.GOV
>Issued Expires Service Principal
>07/29/03 13:04:37 07/30/03 14:30:58
>krbtgt.HOTZ.JPL.NASA.GOV@HOTZ.JPL.NASA.GOV
>
>[laphotz:dist/krb-doc/afs-krb5] hotz% kinit -R
>kinit: Error getting initial tickets: You do not have tickets for
>this principal and Kerberos version
>[laphotz:dist/krb-doc/afs-krb5] hotz%
Now I don't believe K4 tickets can be renewable so I presume that has
something to do with the error. Also MIT kinit doesn't give you a
way to only operate on the K5 ticket. I'd have to disable K4 to test
my theory.
--
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu