On 09/20/2015 06:29 PM, Martin Gee wrote: > On that note, it seems creds / tickets don't refresh either. I'm using > gss_acquire_cred (to get the TGT). from: Developing with GSSAPI — MIT > Kerberos Documentation > <http://web.mit.edu/kerberos/krb5-latest/doc/appdev/gssapi.html>
> "If the krb5 mechanism acquires initial tickets using the default client > keytab, the resulting tickets will be stored in the default cache or > collection, and will be refreshed by future calls togss_acquire_cred > <http://tools.ietf.org/html/rfc2744.html#section-5.2> as they approach > their expire time." > Seems the docs describe something that doesn't exist in the the code. That functionality does exist, if the TGT was initially acquired using gss_acquire_cred() with a client keytab. If you ran kinit -k by hand to populate the ccache, those creds will not be automatically refreshed. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
