Markus Moeller wrote: > My application tries to renew credentials with krb5_get_renewed_cred about > every 5 minutes for the default principal. Will a following > gss_init_sec_context request a new service principal or do I need to call > krb5_get_renewed_cred also for the service principal ? > I see the following when renewing and storing the credentials on Windows and > gss_init_sec_context fails with ticket expired as it doesn't seem to > attempt to renew the service principal with the maximal krbtgt (here > 19:39:57) expiry time but uses the initial expiry time of 19:29:47. Markus:
krb5_get_renewed_creds() only renews the single service ticket that is specified as the in_tkt_service parameter or the TGT if none is specified. It does not modify any of the other credentials in the cache. Ticket managers such as NIM's krb5 identity provider destroy the tickets other than the TGT when renewing the TGT. This forces the acquisition of new service tickets. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
