Ticket lifetimes > 10 hrs?
Ken Hornstein
kenh at cmf.nrl.navy.mil
Fri Nov 15 11:10:30 EST 2002
>> and you
>> CANNOT get a new ticket for that service without acquiring a new TGT.
>>
>
>- Um, that seems very broken. Is the problem just that the mk_req
>routines are not checking the expiration time of the existing
>service ticket?
There are two problems:
- The MIT client side library wont get you a new service ticket if you
have one already cached, even if it's expired.
- Even if you DID get a new ticket, it would have already expired (you would
be limited by TGT start time plus service expiration time).
--Ken
More information about the Kerberos
mailing list