On 20/11/16 18:13, Kevin Fenzi wrote:
On Sun, 20 Nov 2016 10:10:17 +0000
Tom Hughes <tom@xxxxxxxxxx> wrote:
Bearing in mind that I've never used kerberos before, so I may be
misunderstanding something completely here, a little experimentation
suggests that currently the longest ticket lifetime we can request
with kinit is 24 hours?
It looks like it can be renewed up to a week (well six days, plus the
one day lifetime of the final ticket) but you do have to remember to
keep renewing before the 24 hour expiry is reached.
Correct. Thats the current setting. Note that I think gnome online
accounts auto handles the renewing for you (but I could be
misremembering that) if you are using that.
I long ago gave up on Gnome Online Account as it seems to be utterly
incapable of remembering anything at all. It's main purpose seemed to be
constantly throwing up dialogs demanding I reauthenticate to the various
services I had told it about.
Maybe I'll have to try it again and just not tell it about any of my
accounts if it still keeps forgetting them.
All of which is something of a change from the current six month
cycle with the client certificates.
True, but getting a new ticket once a week doesn't seem like that big a
deal to me. We can of course adjust it if desired.
Well my problem is that currently my FAS password is a long character
random string that is known only to my web browser's password manager.
Opening that every six months to copy and paste the password is one
thing but I'm not going to be doing that every day/week, so
realistically that's going to mean switching to a much simpler password
that I can remember.
Tom
--
Tom Hughes (tom@xxxxxxxxxx)
http://compton.nu/
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
