On Friday, February 02, 2007 02:16:27 PM +0100 Ronny Blomme
<[EMAIL PROTECTED]> wrote:
I am setting up openafs-1.4.2 client and server on FC4 with
heimdal-0.7.2. I replaced the kas-server with kdc. When I login to this
server with ssh, I get tickets/tokens (via /etc/pam.d/sshd). These
initial tokens can be refreshed once with "kinit -R", but the new tickets
have no "Flag=R" and so these tokens cannot be refreshed:
# kinit -R
kinit: krb5_get_kdc_cred: KDC can't fulfill requested option
When I get renewable tokens with
# kinit --renewable
the "Flag=R" does not disapear, and I can "kinit -R" serveral times.
Not really an AFS question, but yes, this is how it works.
Only renewable tickets can be renewed; if you want the renewed ticket to
itself be renewable, you will have to run 'kinit -R --renewable'. Note
that the KDC may choose not to allow this.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
