Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-8707: Infinite kerberos renewal for batch user/group will fail before re-issuing

Centrify DirectControl ,  

11 May,17 at 12:13 AM

Applies to: Centrify Direct Control 5.2.3 - 5.4.0 on all supported platforms. 

Problem:
Infinite kerberos renewal for batch user/group will fail before re-issuing a new ticket. This causes a period of time where the ticket is expired. 

Cause:
The infinite renewal will always try to renew first. Centrify will only re-issue if the renewal attempt fails. This leaves a period of time where the Kerberos ticket is expired and no longer valid before we re-issue a new ticket. 

Resolution:
Upgrade to 2017.1 (5.4.1)

Note:
Ensure the user can read the keytab file.

a. The file keytab_123456 needs the following permissions:
  rwx-r-xr-x
b. The directory, in this case, /var/centrifydc/renewal needs to have the following permissions
  rwxr-xr-x


 

 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.