Kerberos ticket questions

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Kerberos ticket questions

Zuromski, Brian
hello,
        I'm having some problems using kerberos with Jaas and have runa test
of the kerberos ticket that was issued for my prinicipal.  I've included
some output of the test and was wondering if anything seems strange to
anyone.  I'm particularly concerned of the Auth, Start, End Time section.
Should they all be the same time?  Is this just the ticket lifetime on the
client and the KDC holds a different lifetime for the ticket?  sorry if
that's confusing....it is to me....


Forwardable Ticket false
Forwarded Ticket false
Proxiable Ticket false
Proxy Ticket false
Postdated Ticket false
Renewable Ticket false        
Auth Time = Mon Jun 20 10:09:31 EDT 2005
Start Time = Mon Jun 20 10:09:31 EDT 2005
End Time = Mon Jun 20 10:09:31 EDT 2005
Renew Till = Null
Client Address Null ]
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: Kerberos ticket questions

Seema Malkani
Here are the KerberosTicket time details:

"starttime" specifies the time after which the ticket is valid.
"endtime" specifies it's expiration time.
"authtime" specifies the time of initial authentication for the principal.

The max lifetime of the Kerberos ticket is defined by the KDC (typically
8 hours). Please check the KDC used, and ensure it has the max lifetime
defined.

Seema

Zuromski, Brian wrote:

>hello,
>        I'm having some problems using kerberos with Jaas and have runa test
>of the kerberos ticket that was issued for my prinicipal.  I've included
>some output of the test and was wondering if anything seems strange to
>anyone.  I'm particularly concerned of the Auth, Start, End Time section.
>Should they all be the same time?  Is this just the ticket lifetime on the
>client and the KDC holds a different lifetime for the ticket?  sorry if
>that's confusing....it is to me....
>
>
>Forwardable Ticket false
>Forwarded Ticket false
>Proxiable Ticket false
>Proxy Ticket false
>Postdated Ticket false
>Renewable Ticket false        
>Auth Time = Mon Jun 20 10:09:31 EDT 2005
>Start Time = Mon Jun 20 10:09:31 EDT 2005
>End Time = Mon Jun 20 10:09:31 EDT 2005
>Renew Till = Null
>Client Address Null ]
>________________________________________________
>Kerberos mailing list           [hidden email]
>https://mailman.mit.edu/mailman/listinfo/kerberos
>  
>


________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos