On Thu, Aug 09, 2012 at 08:42:14AM -0500, Matt Garman wrote:
> We have a situation where users stay logged on for literally days or
> even weeks at a time for very long-running simulation jobs. So the
> default max ticket life of one day isn't really appropriate for us.
>
> It seems that there ar
On Tue, Aug 14, 2012 at 3:41 PM, Roland C. Dowdeswell wrote:
> On Tue, Aug 14, 2012 at 10:47:42AM -0500, Nico Williams wrote:
>> A few remarks regarding revocation:
>>
>> - For same realm client and service the TGS should check that the
>> client principal is still valid.
>
> Right, but this only
On Tue, Aug 14, 2012 at 10:47:42AM -0500, Nico Williams wrote:
>
> On Mon, Aug 13, 2012 at 7:05 AM, Mark Pr?hl wrote:
> > if a ticket has been issued to the client, the KDC cannot revoke that
> > ticket, even if the client is deleted or disabled. But if the client
> > needs to do a renew request
On Mon, Aug 13, 2012 at 7:05 AM, Mark Pröhl wrote:
> if a ticket has been issued to the client, the KDC cannot revoke that
> ticket, even if the client is deleted or disabled. But if the client
> needs to do a renew request from time to time, the KDC might not issue
> new tickets if the client is
On 13/08/12 14:05, Mark Pröhl wrote:
> Am 09.08.2012 15:42, schrieb Matt Garman:
>> We have a situation where users stay logged on for literally days or
>> even weeks at a time for very long-running simulation jobs. So the
>> default max ticket life of one day isn't really appropriate for us.
>>
>
Am 09.08.2012 15:42, schrieb Matt Garman:
> We have a situation where users stay logged on for literally days or
> even weeks at a time for very long-running simulation jobs. So the
> default max ticket life of one day isn't really appropriate for us.
>
> It seems that there are two solutions to t
On 08/09/2012 09:42 AM, Matt Garman wrote:
> Perhaps I didn't look hard enough, but I haven't been able to find a
> discussion on why one might choose one option over the other. I was
> hoping some of the list members might weigh in with their thoughts.
Practically speaking, I think the main secu
We have a situation where users stay logged on for literally days or
even weeks at a time for very long-running simulation jobs. So the
default max ticket life of one day isn't really appropriate for us.
It seems that there are two solutions to this dilemma: (1) a much
longer max ticket life or (