Harald Barth wrote:
>
> > What should I specify in krb5.conf to always obtain renewable tickets?
>
> It might be missing from the man page, but I think it is
>
> [libdefaults]
> renewable = true
>
Indeed, after the first "kinit -R" the ticket looses it renewable
property. It is a desired/expected behaviour? Please see the output
below:
Script started on Sun Jun 26 10:22:42 2016
You have mail.
[sudakov@vas ~] klist
klist: No ticket file: /tmp/krb5cc_1001
[sudakov@vas ~] kinit
suda...@sibptus.ru's Password:
[sudakov@vas ~] klist -v
Credentials cache: FILE:/tmp/krb5cc_1001
Principal: suda...@sibptus.ru
Cache version: 4
Server: krbtgt/sibptus...@sibptus.ru
Client: suda...@sibptus.ru
Ticket etype: aes256-cts-hmac-sha1-96, kvno 1
Ticket length: 433
Auth time: Jun 26 10:22:49 2016
End time: Jul 3 10:22:49 2016
Renew till: Jul 3 10:22:49 2016
Ticket flags: pre-authent, initial, renewable, forwardable
Addresses: IPv4:78.140.19.131, IPv4:192.168.4.1, IPv4:192.168.3.1,
IPv6:2001:470:35:7af::2, IPv4:192.168.1.1
[sudakov@vas ~] kinit -R
[sudakov@vas ~] kinit -R
kinit: krb5_get_kdc_cred: KDC can't fulfill requested option
[sudakov@vas ~] klist -v
Credentials cache: FILE:/tmp/krb5cc_1001
Principal: suda...@sibptus.ru
Cache version: 4
Server: krbtgt/sibptus...@sibptus.ru
Client: suda...@sibptus.ru
Ticket etype: aes256-cts-hmac-sha1-96, kvno 1
Ticket length: 433
Auth time: Jun 26 10:22:49 2016
Start time: Jun 26 10:22:54 2016
End time: Jul 3 10:22:49 2016
Ticket flags: transited-policy-checked, pre-authent, forwardable
Addresses: IPv4:78.140.19.131, IPv4:192.168.4.1, IPv4:192.168.3.1,
IPv6:2001:470:35:7af::2, IPv4:192.168.1.1
[sudakov@vas ~] exit
Script done on Sun Jun 26 10:23:00 2016
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
