how to properly renew a renewal TGT

2014-12-08 Thread Dave Botsch
So, from reading the RFC and looking at what Kerberos clients do, it seems there are potentially several different ways to renew a renewable TGT. I'm looking, in this case, at what a MS Windows client does with a MIT Kerberos KDC, when I *don't* get another renewable TGT on the renewal. So, at re

Fail over in krb5.conf to next listed KDC entry?

2014-12-08 Thread Todd Grayson
Is there a configurable timeout value that can be set in the krb5.conf to tell a client how long to wait for a response from a KDC before failing over to the next listed KDC entry for a specific REALM in the [realms] section of the krb5.conf? When looking at http://web.mit.edu/kerberos/krb5-devel/

Re: Fail over in krb5.conf to next listed KDC entry?

2014-12-08 Thread Todd Grayson
... one more question - if this is a supported parameter today (kdc_timeout) what is its default value? Thanks

On Mon, Dec 8, 2014 at 10:20 PM, Todd Grayson wrote:
> Is there a configurable timeout value that can be set in the krb5.conf to tell a client how long to wait for a response from a

Proper ordering of mapping entries in [domain_realms] section of krb5.conf

2014-12-08 Thread Todd Grayson
What is the proper order for the [domain_realms] section of the krb5.conf with regard to rules being applied when there are mixed DNS FQDN, domain names and REALMS. Should the [domain_realms] section be listed from most specific to least specific for example [domain_realm] specific-host.domain.na

wallet 1.2 released

2014-12-08 Thread Russ Allbery
I'm pleased to announce release 1.2 of wallet. The wallet is a system for managing secure data, authorization rules to retrieve or change that data, and audit rules for documenting actions taken on that data. Objects of various types may be stored in the wallet or generated on request and retriev