On 13/08/12 14:05, Mark Pröhl wrote: > Am 09.08.2012 15:42, schrieb Matt Garman: >> We have a situation where users stay logged on for literally days or >> even weeks at a time for very long-running simulation jobs. So the >> default max ticket life of one day isn't really appropriate for us. >> >> It seems that there are two solutions to this dilemma: (1) a much >> longer max ticket life or (2) some kind of auto-renewal scheme. >> >> Perhaps I didn't look hard enough, but I haven't been able to find a >> discussion on why one might choose one option over the other. I was >> hoping some of the list members might weigh in with their thoughts. >> >> Thanks! >> Matt >> ________________________________________________ >> Kerberos mailing list [email protected] >> https://mailman.mit.edu/mailman/listinfo/kerberos >> > > if a ticket has been issued to the client, the KDC cannot revoke that > ticket, even if the client is deleted or disabled. But if the client > needs to do a renew request from time to time, the KDC might not issue > new tickets if the client is deleted or disabled. >
Hi For long logons we use k5start. It renews tickets at given time intervals. Cheers, Steve ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
