[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ticket Renewal not working.

At 8:10 PM +0200 7/29/03, Love wrote:
>Love <lha@stacken.kth.se> writes:
>>  "Henry B. Hotz" <hotz@jpl.nasa.gov> writes:
>>>  KDC is Heimdal on NetBSD-current from a few months ago, something like
>>>  0.51 or 0.52 I think.  The principal has reasonable lifetime limits,
>>>  something like a day, with at least a week renewable.
>>>  As of the MIT 1.3 code base the GUI in KfW and KfM will auto-renew
>>>  tickets so I'd like to make sure that feature works.
>>  You have to request renewable ticket before they are renewable.
>>  kinit --renewable
>kinit --renewable-life='1 week'
>or add it to krb5.conf (see manpage)

Added an appdefaults section to the krb5.conf file on Solaris and it 
works fine.  Presume NetBSD will be same.  I probably should have 
noticed that renewable was a separate flag that had to be requested. 
Sorry for the noise.

However on OSX.2.6 I still have the following:

>[laphotz:dist/krb-doc/afs-krb5] hotz% kinit -r 7d -l 1d hotz@HOTZ.JPL.NASA.GOV
>Kerberos Login:
>Please enter the password for hotz@HOTZ.JPL.NASA.GOV:
>MacLeland: Couldn't get jpl.nasa.gov AFS tickets: Don't have 
>Kerberos ticket-granting ticket
>[laphotz:dist/krb-doc/afs-krb5] hotz% klist -f
>Kerberos 5 ticket cache: 'API:0'
>Default Principal: hotz@HOTZ.JPL.NASA.GOV
>Valid Starting     Expires            Service Principal
>07/29/03 13:04:44  07/30/03 13:04:37 
>         renew until 08/05/03 13:04:37, FPRI
>Kerberos 4 ticket cache: '0'
>Default Principal: hotz@HOTZ.JPL.NASA.GOV
>Issued             Expires            Service Principal
>07/29/03 13:04:37  07/30/03 14:30:58 
>[laphotz:dist/krb-doc/afs-krb5] hotz% kinit -R
>kinit: Error getting initial tickets: You do not have tickets for 
>this principal and Kerberos version
>[laphotz:dist/krb-doc/afs-krb5] hotz%

Now I don't believe K4 tickets can be renewable so I presume that has 
something to do with the error.  Also MIT kinit doesn't give you a 
way to only operate on the K5 ticket.  I'd have to disable K4 to test 
my theory.
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu