Hi, my application tries to acquire a GSS credential with a client keytab:
$ KRB_CLIENT_KTNAME=$HOME/client.keytab app No credential is obtained. At that time, the credential was already expired. I turned on KRB5_DEBUG and saw that the KRB5 lib checks the credential cache and stops right there. It does not detect that it has expired and does not use the client keytab to inquire for a new TGT. I can provide an obfuscated logfile if necessary. In my opinion, that is a bug and defeats the entire purpose of the client keytab. We do use MIT Kerberos 1.12.1 on HP-UX 11.31. Michael ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
