I have a HTTP service running on my domain. But I have few doubts regarding how the life time for my HTTP service is decided. how long can a client be able to use my HTTP service ?
Kerberos key Lifetime
1.6k Views Asked by PeeKay At
1
There are 1 best solutions below
Related Questions in AUTHENTICATION
- Access roles from multiple applications
- Different storyboard's entry points depending on a parameter
- SoundCloud Authentication Consistently Returns 401 invalid_grant For Some Users
- sendxmpp not authorized failure (Error AuthSend)
- Retrieve user information from Active Directory on login
- Log in through active directory
- Ember.js REST Auth Headers
- Validate Deezer access token on server
- Why does IIS Anonymous Authentication turn on by itself after I publish my project to server?
- Laravel - session data survives log-out/log-in, even for different users
Related Questions in KERBEROS
- Gemfire offers Time To Live for an element?
- Gemfire HTTP Session Manager EntryIdleTimeout is not the same error
- GemfireXD - PreparedStatement setArray for String(VARCHAR) array not working
- Gemfire Junit for multi module project tests are taking too long
- How to know Gemfire/Geode cluster size from the client
- How to use GFSH to connect peer to peer environment?
- GemfireXD - How to parallelize data processing for bigger data size
- Using Gemfire on high volume transaction system
- Gemfire - Cannot start locator
- Gemfire WAN Gateway-sender configuration
Related Questions in MIT-KERBEROS
- Warnings in Informix database log
- How to release Informix lock from Java
- Informix - select from a temp table created in a 4gl with Interactive debugger?
- Informix throw internal error when creating new transaction in existing one
- How do I split a time range into days using stored procedure in informix 11.5?
- Informix PDO connection : Error SQLSTATE=HY000, SQLDriverConnect: -329 sqlerrm(systables)
- Informix database connection in Play framework
- What may cause connection to be null and How to reuse null reference object?
- SQL query if not null enter field value
- How to backup a single database residing in a dbspace in Informix?
Related Questions in KDC
- Warnings in Informix database log
- How to release Informix lock from Java
- Informix - select from a temp table created in a 4gl with Interactive debugger?
- Informix throw internal error when creating new transaction in existing one
- How do I split a time range into days using stored procedure in informix 11.5?
- Informix PDO connection : Error SQLSTATE=HY000, SQLDriverConnect: -329 sqlerrm(systables)
- Informix database connection in Play framework
- What may cause connection to be null and How to reuse null reference object?
- SQL query if not null enter field value
- How to backup a single database residing in a dbspace in Informix?
Related Questions in KLIST
- Warnings in Informix database log
- How to release Informix lock from Java
- Informix - select from a temp table created in a 4gl with Interactive debugger?
- Informix throw internal error when creating new transaction in existing one
- How do I split a time range into days using stored procedure in informix 11.5?
- Informix PDO connection : Error SQLSTATE=HY000, SQLDriverConnect: -329 sqlerrm(systables)
- Informix database connection in Play framework
- What may cause connection to be null and How to reuse null reference object?
- SQL query if not null enter field value
- How to backup a single database residing in a dbspace in Informix?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
A Kerberos ticket has a lifetime (e.g. 10 hours) and a renewable lifetime (e.g. 7 days). As long as the ticket is still valid and is still renewable, you can request a "free" renewal -- no password required --, and the lifetime counter is reset (e.g. 10h to go, again).
When creating the ticket, each "lifetime" is set as the MIN() of 3 values:
/etc/krb5.conf(check the MIT documentation under ticket_lifetime and renew_lifetime)kinitcommand has-land-roptions)Bottom line: if your KDC does not serve renewable tickets because
max_renewable_life = 0then clients will have to get a new ticket everymax_life(or less, if their localticket_lifetimeis smaller).PS: if the ticket is stored in the default cache then you can use
klistto check the end-of-(renewable)-life time.PPS: I remember some complaints about Java API (JAAS) not allowing apps to request renewable Kerberos tickets... Check if it's still the case.