Diogenes S. Jesus wrote:
> Check on with:
> klist -Afe
Looks like "-e" is an unknown option.
>
> And check what flags your TGT have - AFAIK it must have "renewable" flag.
>
> http://web.mit.edu/kerberos/krb5-1.5/krb5-1.5/doc/krb5-user/Kerberos-Ticket-Properties.htm
Yes, the TGT has the "renewable" flag, the expired service tickets
don't, and they are stuck. Please see below:
$ klist
Credentials cache: FILE:/tmp/krb5cc_1001
Principal: suda...@sibptus.ru
IssuedExpires Principal
Jul 19 20:05:26 2016 Jul 26 20:05:25 2016 krbtgt/sibptus...@sibptus.ru
Jul 20 19:17:11 2016 >>>Expired<<< host/noc.sibptus...@sibptus.ru
Jul 20 19:17:11 2016 >>>Expired<<< host/noc.sibptus...@sibptus.ru
Jul 20 19:17:11 2016 >>>Expired<<< host/noc.sibptus...@sibptus.ru
$ klist -v
Credentials cache: FILE:/tmp/krb5cc_1001
Principal: suda...@sibptus.ru
Cache version: 4
Server: krbtgt/sibptus...@sibptus.ru
Client: suda...@sibptus.ru
Ticket etype: aes256-cts-hmac-sha1-96, kvno 1
Ticket length: 433
Auth time: Jul 19 20:05:26 2016
End time: Jul 26 20:05:25 2016
Renew till: Jul 26 20:05:26 2016
Ticket flags: pre-authent, initial, renewable, forwardable
Addresses: IPv4:78.140.19.131, IPv4:192.168.4.1, IPv4:192.168.3.1,
IPv6:2001:470:35:7af::2, IPv4:192.168.1.1
Server: host/noc.sibptus...@sibptus.ru
Client: suda...@sibptus.ru
Ticket etype: aes256-cts-hmac-sha1-96, kvno 1
Ticket length: 435
Auth time: Jul 19 20:05:26 2016
Start time: Jul 20 19:17:11 2016
End time: Jul 21 19:17:11 2016 (expired)
Ticket flags: transited-policy-checked, pre-authent
Addresses: IPv4:78.140.19.131, IPv4:192.168.4.1, IPv4:192.168.3.1,
IPv6:2001:470:35:7af::2, IPv4:192.168.1.1
Server: host/noc.sibptus...@sibptus.ru
Client: suda...@sibptus.ru
Ticket etype: aes256-cts-hmac-sha1-96, kvno 1
Ticket length: 435
Auth time: Jul 19 20:05:26 2016
Start time: Jul 20 19:17:11 2016
End time: Jul 21 19:17:11 2016 (expired)
Ticket flags: transited-policy-checked, pre-authent
Addresses: IPv4:78.140.19.131, IPv4:192.168.4.1, IPv4:192.168.3.1,
IPv6:2001:470:35:7af::2, IPv4:192.168.1.1
Server: host/noc.sibptus...@sibptus.ru
Client: suda...@sibptus.ru
Ticket etype: aes256-cts-hmac-sha1-96, kvno 1
Ticket length: 435
Auth time: Jul 19 20:05:26 2016
Start time: Jul 20 19:17:11 2016
End time: Jul 21 19:17:11 2016 (expired)
Ticket flags: transited-policy-checked, pre-authent
Addresses: IPv4:78.140.19.131, IPv4:192.168.4.1, IPv4:192.168.3.1,
IPv6:2001:470:35:7af::2, IPv4:192.168.1.1
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru