What are renewable tickets?
One practical problem with Kerberos is that the tickets eventually expire. A practical balance has to be made between the desire to reduce the usefulness of stolen tickets (short lifetime) versus the ease-of-use for the user (long lifetime). This problem becomes a much larger issue when dealing with long-running user processes. Jobs run on some supercomputer systems can run for days or weeks, but having tickets that last that long can be a security nightmare. The compromise for this problem that was introduced in Kerberos 5 is the support for renewable tickets. Renewable tickets have expiration times, like normal tickets. However, they also have a maximum renewable lifetime. A renewable ticket can be renewed by asking the KDC for a new ticket with an extended lifetime. However, the ticket itself has to be valid (in other words, you cannot renew a ticket that has expired; you have to renew it before it expires).
One practical problem with Kerberos is that the tickets eventually expire. A practical balance has to be made between the desire to reduce the usefulness of stolen tickets (short lifetime) versus the ease-of-use for the user (long lifetime). This problem becomes a much larger issue when dealing with long-running user processes. Jobs run on some supercomputer systems can run for days or weeks, but having tickets that last that long can be a security nightmare. The compromise for this problem that was introduced in Kerberos 5 is the support for renewable tickets. Renewable tickets have expiration times, like normal tickets. However, they also have a maximum renewable lifetime. A renewable ticket can be renewed by asking the KDC for a new ticket with an extended lifetime. However, the ticket itself has to be valid (in other words, you cannot renew a ticket that has expired; you have to renew it before it expires). A renewable ticket can be renewed up until the maximum renewable ticket lif
