Hi All
Is the following statement correct? "If a kerberos client (e.g. a FreeIPA client) holds a service ticket to a service principal in its credentials cache, it no longer needs to interact with the KDC to access the service (assuming the ticket is still valid). i.e. if a kerberos client is not caching service tickets, each interaction with the service principal will require getting a new ticket from the KDC." Are there logs on my FreeIPA-Server I can use to track ticket requests from clients, and prove or disprove my statement above? Cheers Chris
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project