Renewing kerberos ticket without user intervention

active-directory mac-osx printing kerberos

145

kinit -R seems to do the trick for me. I'm tempted to suggest just having a LaunchAgent that runs this command with a StartInterval of, say, 7200 seconds (2 hrs); you could get fancier (e.g. testing network connectivity first, adjusting the retry frequency as your TGT gets closer to expiring, etc), but I think you'd mostly be going to a lot or work to avoid a tiny bit of computational expense.

145

Dao's

Updated on September 17, 2022

Comments

Dao's almost 2 years

R16B02 erl_db.c:1272

/* we create table outside any table lock
 * and take the unusal cost of destroy table if it
 * fails to find a slot 
 */
{
    DbTable init_tb;

    erts_smp_atomic_init_nob(&init_tb.common.memory_size, 0);
    tb = (DbTable*) erts_db_alloc(ERTS_ALC_T_DB_TABLE,
                                  &init_tb, sizeof(DbTable));
    erts_smp_atomic_init_nob(&tb->common.memory_size,
                             erts_smp_atomic_read_nob(&init_tb.common.memory_size));
}

My Qus. why do this? the init_tb just use common.memory_size field. why not use a int replace?

eric.s over 13 years

-R does not seem to renew. -R 7200 complains about not knowing who 7200@mydomain is. I am trying -B to see how that works out.
eric.s over 13 years

and -B it is. This adds 10 minutes to the ticket and keeps it going.
Gordon Davisson over 13 years

Interesting. -B isn't in the kinit man page, but kinit -help lists "-B renew all tickets" (as opposed to "-R renew tickets").
Heiko Rupp over 5 years

-B is not in all versions of macOS. In 10.14, kinit -R exists, but fails in my case because the ticket is not renewable. A plain kinit without options works though.