On 12/03/2016 10:59 PM, John Devitofranceschi wrote: > We ran into this recently and found that renewed tickets were also unusable. > They could not even be renewed. Our KDC is 1.13.2.
Thanks. In hindsight, this bug manifesting with renewed as well as forwarded tickets should have been obvious as they are both ticket modification requests, but I hadn't made the connection. I have submitted a PR to add a regression test case for renewing across krbtgt rekeys, and another PR to add caveats to the "Changing the krbtgt key" documentation as you suggested (for this problem and for http://krbdev.mit.edu/rt/Ticket/Display.html?id=8519 ). ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
