Nico Williams <n...@cryptonector.com> writes: > Ideally the auto-renewal wake-up timer should be automatically set from > the TGT's lifetime (and libkrb5 should automatically handle any faster > expiration of non-initial tickets). Then -K shouldn't be needed.
Well, -K is how one says to run as a daemon at all, so you still need the flag, but possibly not its value. > The hard part is how to handle transient renewal errors, particularly > when the ticket's original lifetime was short (but renew lifetime > long). If acquiring credentials fails, k5start (and krenew) try every minute until they succeed again regardless of the -K value. -- Russ Allbery (ea...@eyrie.org) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos