Hi All

Is the following statement correct?

"If a kerberos client (e.g. a FreeIPA client) holds a service ticket to a
service principal in its credentials cache, it no longer needs to interact
with the KDC to access the service (assuming the ticket is still valid).
i.e. if a kerberos client is not caching service tickets, each interaction
with the service principal will require getting a new ticket from the KDC."

Are there logs on my FreeIPA-Server I can use to track ticket requests from
clients, and prove or disprove my statement above?


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to