So, from reading the RFC and looking at what kerberos clients do, it seems there are potentially several different ways to renew a renewable TGT.
I'm looking, in this case, at what a MS Windows client does with a MIT Kerberos KDC, when I *don't* get another renewable TGT on the renewal. So, at renew time, MS Windows is sending back to the MIT KDC the original renewable TGT. In the Request Body section, the client requests a TGT with the following set: a 'till of 2037-09-13 the Renew option set in the flags and that's it. The MIT KDC sends back a new TGT that is not renewable and with the renew til time the same as the end time. I suspect that in this case, the MS Client should be also setting the Renewable OK flag, since it's basically requesting a long term ticket? Or, it should be requesting specific end and renew til times with the RENEW and Renewable flags set? Thanks. -- ******************************** David William Botsch Programmer/Analyst @CNFComputing bot...@cnf.cornell.edu ******************************** ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
