I have created a userPrincipal in the KDC and set its max life to 30 seconds using the following command:
modprinc -maxlife 30seconds -maxrenewlife 1minutes +allow_renewable testUser/domain@REALM
When I create a ticket for this user in a Java program, it shows an expiration time of 30 sec with the help of the sun.security.krb5.debug property, but strangely this user is able to fetch data for more than 30 sec; I tried for 5 minutes at most. Can anyone help me understand where that ticket is getting renewed?
The Java program which I have written creates a ticket using
and then fetches data from HBase using a Scan object.
Check your ticket cache to see if it is still valid. The other thing you can do, if you are done with a ticket, is just use kdestroy to clean up the ticket cache in your script.
[root@chupa1 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: dav@CHUPA.COM

Valid starting     Expires            Service principal
01/03/17 23:46:33  01/04/17 23:46:33  krbtgt/CHUPA.COM@CHUPA.COM
        renew until 01/03/17 23:46:33
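One way to act on the suggestion to check the ticket cache, as an added example that is not part of the original thread: it parses klist output in the layout shown above and classifies each ticket at a given time. The function names and sample text are constructed for illustration, and the mm/dd/yy date format is assumed from that output.

```python
import re
from datetime import datetime

# Constructed sample in the klist layout shown in the answer above.
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: dav@CHUPA.COM

Valid starting     Expires            Service principal
01/03/17 23:46:33  01/04/17 23:46:33  krbtgt/CHUPA.COM@CHUPA.COM
        renew until 01/03/17 23:46:33
"""

STAMP = r"(\d\d/\d\d/\d\d \d\d:\d\d:\d\d)"
TICKET_RE = re.compile(rf"^{STAMP}\s+{STAMP}\s+(\S+)\s*$")
RENEW_RE = re.compile(rf"^\s*renew until {STAMP}\s*$")


def _ts(text):
    # Assumption: mm/dd/yy as printed above; klist date format can differ by locale.
    return datetime.strptime(text, "%m/%d/%y %H:%M:%S")


def parse_klist(output):
    """Return one dict per ticket: service, start, expires, renew_until."""
    tickets = []
    for line in output.splitlines():
        m = TICKET_RE.match(line)
        if m:
            tickets.append({"service": m.group(3), "start": _ts(m.group(1)),
                            "expires": _ts(m.group(2)), "renew_until": None})
            continue
        m = RENEW_RE.match(line)
        if m and tickets:  # "renew until" belongs to the ticket line before it
            tickets[-1]["renew_until"] = _ts(m.group(1))
    return tickets


def ticket_state(ticket, now):
    """Classify a ticket at `now`; only a still-valid ticket can be renewed."""
    if now < ticket["start"]:
        return "not-yet-valid"
    if now >= ticket["expires"]:
        return "expired"
    renew = ticket["renew_until"]
    return "valid-renewable" if renew and now < renew else "valid"
```

Feed `parse_klist` the text captured from `klist` and pass the current time to `ticket_state` to see whether the cached TGT is still usable or renewable.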