Re: Rekeying krbtgt and the behaviour of SSH and delegated credentials

2016-12-05 Thread Greg Hudson
On 12/03/2016 10:59 PM, John Devitofranceschi wrote:
> We ran into this recently and found that renewed tickets were also unusable.
> They could not even be renewed. Our KDC is 1.13.2.

Thanks. In hindsight, this bug manifesting with renewed as well as forwarded tickets should have been obvious a

Re: Rekeying krbtgt and the behaviour of SSH and delegated credentials

2016-12-03 Thread John Devitofranceschi
> On Aug 10, 2016, at 11:29 AM, Michael Howe wrote:
>
> Hi Greg,
>
> On Mon, Aug 08, 2016 at 01:39:49PM -0400, Greg Hudson wrote:
>> On 08/05/2016 02:48 PM, Michael Howe wrote:
>>> When a client has an existing (forwardable) ticket, and the krbtgt is
>>> rekeyed with -keepold, most things keep

Re: Rekeying krbtgt and the behaviour of SSH and delegated credentials

2016-08-10 Thread Michael Howe
Hi Greg,

On Mon, Aug 08, 2016 at 01:39:49PM -0400, Greg Hudson wrote:
> On 08/05/2016 02:48 PM, Michael Howe wrote:
> > When a client has an existing (forwardable) ticket, and the krbtgt is
> > rekeyed with -keepold, most things keep working. However, if that
> > ticket is used with SSH using GSS

Re: Rekeying krbtgt and the behaviour of SSH and delegated credentials

2016-08-08 Thread Greg Hudson
On 08/05/2016 02:48 PM, Michael Howe wrote:
> When a client has an existing (forwardable) ticket, and the krbtgt is
> rekeyed with -keepold, most things keep working. However, if that
> ticket is used with SSH using GSSAPIDelegateCredentials=yes it seems to
> make the forwarded ticket unusable - t

Rekeying krbtgt and the behaviour of SSH and delegated credentials

2016-08-05 Thread Michael Howe
Hello,

I'm working on rekeying the krbtgt for our realm for the first time since it was created. Following the instructions at http://web.mit.edu/kerberos/krb5-devel/doc/admin/advanced/retiring-des.html I discovered some odd behaviour with SSH delegating credentials, which I'd like to solve befor