My application tries to renew credentials with krb5_get_renewed_cred about
every 5 minutes for the default principal. Will a following
gss_init_sec_context request a new service principal or do I need to call
krb5_get_renewed_cred also for the service principal ?
I see the following when renewing and storing the credentials on Windows and
gss_init_sec_context fails with ticket expired as it doesn't seem to
attempt to renew the service principal with the maximal krbtgt (here
19:39:57) expiry time but uses the initial expiry time of 19:29:47.
>"c:\Program Files\MIT\Kerberos\bin\klist.exe" -c FILE:d:\thread_test_4148
Ticket cache: FILE:d:\thread_test_4148
Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
09/09/07 19:17:47 09/09/07 19:29:47
krbtgt/[EMAIL PROTECTED]
renew until 09/09/07 20:20:47
09/09/07 19:18:07 09/09/07 19:29:47 krbtgt/[EMAIL PROTECTED]
renew until 09/09/07 20:20:47
09/09/07 19:18:22 09/09/07 19:29:47 HTTP/[EMAIL PROTECTED]
renew until 09/09/07 20:20:47
09/09/07 19:22:56 09/09/07 19:34:56
krbtgt/[EMAIL PROTECTED]
renew until 09/09/07 20:20:47
09/09/07 19:27:57 09/09/07 19:39:57
krbtgt/[EMAIL PROTECTED]
renew until 09/09/07 20:20:47
09/09/07 19:32:44 09/09/07 19:29:47 HTTP/[EMAIL PROTECTED]
renew until 09/09/07 20:20:47
09/09/07 19:27:57 09/09/07 19:39:57
krbtgt/[EMAIL PROTECTED]
renew until 09/09/07 20:20:47
Thank you
Markus
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
