Ticket Renewal

At ETH ticket granting tickets expire after ten hours but can be renewed while still valid for up to seven days.

Automatic Renewal

Modern Linux systems use sssd for authentication and authorization. For logins and sessions established by sssd it can also renew Kerberos tickets it created. isginf managed Linux systems are always configured this way.

To enable this feature on your own Linux make sure that /etc/sssd/sssd.conf on your system has

krb5_renew_interval = 1800

in all [domain/…] sections. If you need to change the file, please restart sssd by running

systemctl restart sssd

Manual Renewal

Tickets can be renewed any time by running

krenew

You may need to install the kstart software package.

SSH

If SSH is configured correctly on the system you log in from and to then the ticket on source system is pushed to the target system when it changes. As long as the ticket of the source system is kept valid it will also remain valig on the target system.

Page URL: https://www.isg.inf.ethz.ch/bin/view/Main/HelpDesktopsAndLaptopsLinuxKerberosTicketRenewal
2019-07-19
© 2019 Eidgenössische Technische Hochschule Zürich