Renewal of Kerberos tickets

Jurjen Bokma

March 2011

Table of Contents

The problems

Our Kerberos installation has multiple issues. With a maximum ticket lifetime of 12 hours, people are kicked out of their homedirs after a day. Even if they run

user@host:~$ kinit --renewable
<snip passwd-prompt>
user@host:~$ while true ; do kinit --renew ; sleep $((3600 * 6)) ; done &

... they get kicked out after slightly more than a week.

And some people who run lengthy jobs on multiple computers report that even the kinit --renew doesn't work to keep them logged in until the next day.