[OpenAFS] refresh initial tokens
Jeffrey Hutzelman
jhutz@cmu.edu
Fri, 02 Feb 2007 11:54:52 -0500
On Friday, February 02, 2007 02:16:27 PM +0100 Ronny Blomme
<Ronny.Blomme+afsinfo@elis.ugent.be> wrote:
> I am setting up openafs-1.4.2 client and server on FC4 with
> heimdal-0.7.2. I replaced the kas-server with kdc. When I log in to this
> server with ssh, I get tickets/tokens (via /etc/pam.d/sshd). These
> initial tokens can be refreshed once with "kinit -R", but the new tickets
> have no "Flag=R" and so these tokens cannot be refreshed:
> # kinit -R
> kinit: krb5_get_kdc_cred: KDC can't fulfill requested option
>
> When I get renewable tokens with
> # kinit --renewable
> the "Flag=R" does not disappear, and I can "kinit -R" several times.

Not really an AFS question, but yes, this is how it works.
Only renewable tickets can be renewed; if you want the renewed ticket to
itself be renewable, you will have to run 'kinit -R --renewable'. Note
that the KDC may choose not to allow this.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA