Luke Howard <[EMAIL PROTECTED]> writes: > What are the current thoughts on automatically renewing Kerberos > credentials for long-lived sessions, particularly with respect to NFSv4 > (where the user experience could be adversely affected)?
> It seems that Solaris has kwarnd, which can both warn users of impending > ticket expiry as well as renewing tickets. Are there any plans to do > something similar for Linux? (I know about KCM, but we need a solution > that works with MIT, and preferably one that will work with any ccache > type.) While people are figuring out nice apps to do this with GUIs and whatnot or cool system-wide automated daemons, I needed something like this but fairly simple to replace a local AFS token renewer that's going to die when we move to K5 AFS. I've therefore just finished writing a simple program that will renew an existing ticket cache for as long as it can and/or until a particular command finishes. The program is krenew and is part of the kstart distribution as of the 3.0 release, which I just (as in ten minutes ago) put up on my web site. You can get it from <http://www.eyrie.org/~eagle/software/kstart/>. It's been moderately tested, but it may not be 100% yet. Please send me any problems you run into. It doesn't solve the more general problem of prompting the user for their credentials again, or automatically manage multiple ticket caches, but people may find it useful for the scenario we're going to use it for (maintaining Kerberos tickets and AFS tokens for long-running jobs). There are no AFS dependencies unless you want them. BTW, it's mostly tested under MIT Kerberos but it *should* work under Heimdal as well. Heimdal alas doesn't have krb5_get_renewed_creds and has a much different interface, but I think I figured it out after staring at the Heimdal kinit source for a while. Still, any corrections or further testing from Heimdal users is much appreciated. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
