[OpenAFS] refresh initial tokens

Sat, 03 Feb 2007 10:03:48 -0500

Ronny Blomme wrote:
> $ ssh rb2@arabier
> rb2@arabier's password:
> Last login: Thu Feb  1 18:25:23 2007 from xxxxx.elis.ugent.be
> Terminal type? [dtterm]
> -bash-3.00$ klist -f
> Credentials cache: FILE:/tmp/krb5cc_10104_yg1T5z
>         Principal: rb2@ELIS.UGENT.BE
> 
>   Issued           Expires        Flags    Principal
> Feb  3 15:27:36  Feb  4 16:27:36  FRI    krbtgt/ELIS.UGENT.BE@ELIS.UGENT.BE
> -bash-3.00$ kinit -R
> -bash-3.00$ klist -f
> Credentials cache: FILE:/tmp/krb5cc_10104_yg1T5z
>         Principal: rb2@ELIS.UGENT.BE
> 
>   Issued           Expires        Flags    Principal
> Feb  3 15:28:08  Feb  4 16:27:36         krbtgt/ELIS.UGENT.BE@ELIS.UGENT.BE
> Feb  3 15:28:08  Feb  4 16:27:36         afs@ELIS.UGENT.BE
> 
> 
>>>>>>> why did the R-flag disappear?

Because as I hinted at in the last e-mail, the renewable lifetime of the
ticket is not greater than the lifetime of the current ticket.
Therefore, there is no point requesting a renewable ticket that can't be
renewed.

Notice that the expires time of both the original and renewed tickets
are the same.

This thread is completely off-topic for this mailing list.  If you
wish to continue discussing how to use Kerberos 5 end user tools,
please ask questions on kerberos@mit.edu which is the appropriate
forum.

Jeffrey Altman
Secure Endpoints Inc.