Jeffrey, when you say destroy tickets do you use krb5_cc_remove_cred ? How can I do it for memory caches as remove_cred isn't supported.?
Thank you Markus ----- Original Message ----- From: "Jeffrey Altman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[email protected]> Sent: Monday, September 10, 2007 8:27 PM Subject: [-SPAM-] Re: Question about krb5_get_renewed_creds > Markus Moeller wrote: >> My application tries to renew credentials with krb5_get_renewed_cred >> about >> every 5 minutes for the default principal. Will a following >> gss_init_sec_context request a new service principal or do I need to call >> krb5_get_renewed_cred also for the service principal ? >> I see the following when renewing and storing the credentials on Windows >> and >> gss_init_sec_context fails with ticket expired as it doesn't seem to >> attempt to renew the service principal with the maximal krbtgt (here >> 19:39:57) expiry time but uses the initial expiry time of 19:29:47. > Markus: > > krb5_get_renewed_creds() only renews the single service ticket that is > specified > as the in_tkt_service parameter or the TGT if none is specified. It > does not > modify any of the other credentials in the cache. > > Ticket managers such as NIM's krb5 identity provider destroy the tickets > other > than the TGT when renewing the TGT. This forces the acquisition of new > service > tickets. > > Jeffrey Altman > > > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
