[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ticket and SA lifetime (Re: kink-09)

To: "KAMADA Ken'ichi" <kamada@xxxxxxxxxx>
Subject: Re: Ticket and SA lifetime (Re: kink-09)
From: Ken Raeburn <raeburn@xxxxxxx>
Date: Fri, 30 Sep 2005 15:02:31 -0400
Cc: ietf-kink@xxxxxxxx
In-reply-to: <>
List-archive: <http://www.vpnc.org/ietf-kink/mail-archive/>
List-id: <ietf-kink.vpnc.org>
List-unsubscribe: <mailto:ietf-kink-request@vpnc.org?body=unsubscribe>
References: <> <>
Sender: owner-ietf-kink@xxxxxxxxxxxxx

On Sep 13, 2005, at 21:24, KAMADA Ken'ichi wrote:

Do you assume that the SA lifetime is truncated to the ticket endtime?

For some reason I was thinking it was, but now I see nothing in the draft to support that.

Is the lifetime of application session limited to the service ticket
in usual Kerberized applications?
I.e., if I (kerberized-)telnet to a remote host with a service ticket,
what will happen when the ticket expires?  Is the telnet session
disconnected?
# I can't find something on this in RFC 4120 or RFC 2942.

It depends on the application. Sometimes the session dies immediately, sometimes the session is kept open indefinitely.

Sorry, I should've checked more closely....

Ken

Follow-Ups:
- Re: Ticket and SA lifetime (Re: kink-09)
  - From: Michael Thomas

References:
- kink-09
  - From: Ken Raeburn
- Ticket and SA lifetime (Re: kink-09)
  - From: KAMADA Ken'ichi

Prev by Date: Re: Ticket and SA lifetime (Re: kink-09)
Next by Date: Re: Ticket and SA lifetime (Re: kink-09)
Previous by thread: Re: Ticket and SA lifetime (Re: kink-09)
Next by thread: Re: Ticket and SA lifetime (Re: kink-09)
Index(es):
- Date
- Thread