Ticket Renewal

At ETH ticket granting tickets expire after one hour but can be renewed while still valid for up to seven days.

Automatic Renewal

Modern Linux systems use sssd for authentication and authorization. For logins and sessions established by sssd it can also renew Kerberos tickets it created. isginf managed Linux systems are always configured this way.

To enable this feature on your own Linux make sure that /etc/sssd/sssd.conf on your system has 

krb5_renew_interval = 600

in all [domain/…] sections. If you need to change the file, please restart sssd by running 

systemctl restart sssd

Manual Renewal

Tickets can be renewed any time by running 

krenew

You may need to install the kstart software package.

SSH

If SSH is configured correctly on the system you log in from and to then the ticket on the source system is pushed to the target system when it changes. As long as the ticket of the source system is kept valid it will also remain valid on the target system.

Page URL: https://isg.inf.ethz.ch/bin/view/Main/HelpDesktopsAndLaptopsLinuxKerberosTicketRenewal
2024-11-21
© 2024 Eidgenössische Technische Hochschule Zürich