On Sat, Jan 2, 2016 at 10:30 AM, Viktor Dukhovni <postfix-us...@dukhovni.org > wrote:
> On Sat, Jan 02, 2016 at 12:00:23PM -0500, Brendan Kearney wrote: > > > Victor's script gets a Kerberos ticket every hour. it does not renew > the > > existing ticket, it seems. my tickets are valid for 10 hours, and > renewable > > for 1 week. getting a new ticket every hour is unnecessary. the idea > of a > > samba client being used to refresh tickets sounds interesting. Louis, > > please do provide more detail. > > This is a non-interactive use-case. A fresh ticket once an hour > is by far simpler than trying to figure out when to renew and when > to get a fresh ticket. DO NOT make this needlessly complex. I'd like to add I followed Victor's suggestion some time ago when setting up a Kerberos-enabled Postfix with grabbing a new ticket every hour. Not only is it far simpler like he says here, also, should your ticket fetch fail for any reason, it gives you 10 hours to remedy the problem before your entire mail system stops working. Since with Kerberos, your mail system now depends on at least one other system functioning perfectly, this can be a welcome relief when things don't go as expected. Steve
