Updating delegated Kerberos credentials through SSH using GSSAPIRenewalForcesRekey

view full story

http://serverfault.com – I've been investigating options for minimizing the amount of credentials that need to be retyped as credentials expire. One of the big problems I'm having now is dealing with delegated credentials, which interferes with long-running SSH sessions. It seems like the GSSAPIRenewalForcesRekey and GSSAPIStoreCredentialsOnRekey options do exactly what I want - when a client renews its ticket, the credentials would be re-sent to the server. However, the options appear to have no effect at all. For example, once I set up an SSH connection, I expect that running kinit or kinit -R would eventually r (HowTos)