Kerberos cache user how it works


I have a question regarding the Kerberos system. I succeeded in installing it on my Linux machine in collaboration with Apache, but I don't understand a thing. If the user is still logged in, I mean he can access the secured application, if I write on the terminal:

klist 

to see the ticket for that user, it gives me nothing. But my client is already logged in. Only the first time was I supposed to enter the kinit command for that user and then check with klist. How does Kerberos actually work? If the first time, when I created the user, I must initiate the token with kinit and klist, then what the heck?


There are 1 best solutions below


From my understanding, running kinit is to obtain the TGT ticket from the KDC. Only with the TGT ticket are you able to request the Service Ticket.

A TGT ticket has a certain validity period, meaning that the client doesn't have to get a TGT ticket for every request once it already has one. Additionally, the client can specify not only a location to store the TGT ticket for persistence, but also the memory cache. That's why you find the cache is empty with the klist command but can still access the service.
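
The file-versus-memory distinction above, as an added example that is not part of the original answer: a shell helper that classifies a credential cache name (the value of KRB5CCNAME) by MIT krb5's cache types and reports whether a separate klist process can read it. The function names and sample cache names are constructed for illustration, and the /tmp/krb5cc_UID default is the common built-in one, which krb5.conf may override.

```shell
#!/bin/sh
# Added example, not from the original post. Cache type names follow MIT krb5.

# ccache_type NAME -> prints the cache type; a bare absolute path means FILE.
ccache_type() {
    case "$1" in
        FILE:*|DIR:*|KEYRING:*|MEMORY:*|KCM:*) printf '%s\n' "${1%%:*}" ;;
        /*) printf 'FILE\n' ;;
        *)  printf 'UNKNOWN\n' ;;
    esac
}

# klist_can_see NAME -> exit 0 if another process of the same user can list
# the cache, 1 if it is private to the process that created it, 2 if unknown.
klist_can_see() {
    case "$1" in
        # Keyring caches anchored to one process or thread are not shared.
        KEYRING:process:*|KEYRING:thread:*) return 1 ;;
    esac
    case "$(ccache_type "$1")" in
        FILE|DIR|KCM|KEYRING) return 0 ;;   # on disk, in a daemon, or in a shared keyring
        MEMORY) return 1 ;;                 # lives only inside the creating process
        *) return 2 ;;
    esac
}

# explain NAME -> one-line summary for a human reader.
explain() {
    rc=0
    klist_can_see "$1" || rc=$?
    case "$rc" in
        0) printf '%s: %s cache, klist from another shell can list it\n' "$1" "$(ccache_type "$1")" ;;
        1) printf '%s: private to its process, klist elsewhere shows nothing\n' "$1" ;;
        *) printf '%s: unrecognised cache name\n' "$1" ;;
    esac
}

# The cache a plain `klist` in this shell would inspect (assumed default if unset).
explain "${KRB5CCNAME:-FILE:/tmp/krb5cc_$(id -u)}"

# Constructed sample names, one per case.
for name in /tmp/krb5cc_1000 MEMORY:webapp KEYRING:persistent:1000 KCM:; do
    explain "$name"
done
```

Running `klist -c NAME` points klist at a specific cache instead of the default one.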