<moritz.will...@ubs.com> writes: > I like this much better than -K implying to constantly fetch new > tickets. On one host it may be ok to change the -K behaviour; but if you > are running k5start on thousands or ten thousands of hosts, the > multiplying factor cannot be neglected. It may also be very intentional > to only refresh the ticket once a day but check regularly that it didn't > get lost by accident.
Okay, I think I'm hearing enough opposition to the plan to just change -K that I'm going to go with the previous plan of adding a new -a option that says to renew the ticket each time it wakes up. I'm also going to support using -H with -K, where -H is the minimum ticket lifetime and the renewal decision will be based on maintaining at least that minimum ticket lifetime. > If the behaviour is changing and k5start refresh the ticket more > regularly, then the updating of the CC must always be atomic. If I > remember correctly, this is right now only the case if -o, -g or -m are > specified. I think this is true regardless, and I'm tentatively planning on changing k5start to always obtain tickets in a new ticket cache file and then rename it over top of the existing ticket cache in the next release. -- Russ Allbery (ea...@eyrie.org) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos