[PATCH] krb5 ticket refresh chain
Stefan (metze) Metzmacher
metze at samba.org
Mon Jan 5 07:47:12 GMT 2009
> nautilus and smbspool rely on krb5 ticket to connect to servers,
> therefore, it can locks account when krb5 ticket expires. The
> recommended question here is destroying krb5 ticket in case that it can
> be expired and renew/rekinit it when possible. We handle errors such as
> KRB5_REALM_CANT_RESOLVE, KRB5_AP_ERR_TKT_EXPIRED or KRB5_FCC_NOFILE to
> make krb5 ticket refresh chain more robust.
> When we cannot renew/rekinit ticket, or login in cache mode, destroy
> krb5 ticket and try to renew/rekinit it later when KDC available. when
> krb5 ticket expired, we rekinit it if it is possible.
> Patches are in the attachment, thanks!
I'm currently rewriting this to avoid set_event_dispatch_time() and
cancel_named_event(), as both only work on the first event with the
You can find my work in progress here:
It would be nice if you could help me to rebase my changes on top of
your patches or rewrite your changes based on the ideas in my changes.
As I have no setup to really test my changes.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20090105/d1ee1a99/signature.bin
More information about the samba-technical