On Fri, 2008-11-07 at 12:30 +0100, Mark Phalan wrote: > On Fri, 2008-11-07 at 00:20 -0800, Peter Eriksson wrote: ... > > > > I have a feeling that maybe ktkt_warnd isn't renewing the tickets as is > > should perhaps? > > It is enabled though... > > > > [0] algorah:/etc/krb5> svcs -a|egrep ktkt > > online Oct_28 svc:/network/security/ktkt_warn:default > > You can quite easily verify if ktkt_warnd is renewing tickets for you by > requesting a TGT with a short lifetime and then waiting to see if it is > renewed. > Run "kinit -l 3m", "klist", then wait for at least 3 mins and run > "klist" again - you should see a renewed ticket available. > > If ktkt_warnd fails to renew your ticket for some reason you should see > a message on your terminal. You can change this behaviour to log to > syslog which might be simpler to retrieve if you can't log in again. > > -M
Forgot to mention you should check to make sure that your TGT is renewable. Run "klist -f" and look for 'R' in the flags. You can also make sure that you can renew your TGT by running kinit -R which should do a rewnewal. -M
