How to set up automatic renewal for Kerberos tickets and make the ticket life longer, in an OSX Server mail server

email-server, kerberos, kinit, mac-osx-server, roundcube

I have to renew tickets manually in my server terminal for users to have access to their mail accounts. I am using Kerberos as a login authentication to access a local mail server. My local machine has a name of remote.X.pt and is providing mail to a domain of X.pt (@X.pt) which is being used in my ISP mail server. Right now I am just able to send mail from my mail clients, but I have not figured out yet how to receive mail; but I believe that the problem may not be related to this.

There is a timeout on tickets, and users can no longer use their accounts.

Another basic thing that I don't understand is, is there not supposed to be a ticket per person–if not, then why when I do kinit for several users and then klist, I only see the last ticket placed–or is there a credential per user and a ticket for several credentials?

How can I renew the tickets/credentials automatically when users try to log in from their clients?

Best Answer

Most likely the clocks are out of sync on your clients and servers, or they are using different NTP servers, or the ticket-life is way too short in your Kerberos settings; how to extend Kerberos ticket life is explained in this Apple forum on Kerberos.

The link above covers some of the most-very-basic problems in configuration. I would recommend doing some research of your own and also seeing if you have the mail server configuration correct, because you have many other options for authentication that are simpler for many users (for example Open Directory).

Pending more information about your complete authentication method as commented above, it sounds like there are problems with your Kerberos setup. As well, your question contains many sub-questions which are more suitable to a wiki or to break out into more separate questions after you know more about serving mail on OSX Server in general. There is quite a bit of duplicate discussion about klist online, including even here on https://serverfault.com/search?q=klist.
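
An added example, not part of the answer above: `klist` prints one credential cache with one default principal, and whether its TGT can still be renewed with `kinit -R` depends on the "Expires" and "renew until" times. The sketch assumes MIT-style `klist` output (Heimdal's `klist` on OS X uses a different layout); the sample text, the principal `alice` and the helper names `parse_klist` and `tgt_action` are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in MIT-style `klist` layout (an assumption, see lead-in).
# The principal, cache path and service names are placeholders.
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_alice
Default principal: alice@X.PT

Valid starting       Expires              Service principal
02/01/2024 10:00:00  02/01/2024 20:00:00  krbtgt/X.PT@X.PT
\trenew until 02/08/2024 10:00:00
02/01/2024 10:05:00  02/01/2024 20:00:00  imap/remote.x.pt@X.PT
"""

FMT = "%m/%d/%Y %H:%M:%S"
STAMP = r"\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}"
TICKET = re.compile(rf"^({STAMP})\s+({STAMP})\s+(\S+)$")
RENEW = re.compile(rf"^\s+renew until ({STAMP})")

def parse_klist(text):
    """Return (cache, default_principal, tickets) for one klist listing."""
    cache = principal = None
    tickets = []
    for line in text.splitlines():
        if line.startswith("Ticket cache:"):
            cache = line.split(":", 1)[1].strip()
        elif line.startswith("Default principal:"):
            principal = line.split(":", 1)[1].strip()
        elif m := TICKET.match(line):
            tickets.append({"service": m[3], "renew_until": None,
                            "expires": datetime.strptime(m[2], FMT)})
        elif (m := RENEW.match(line)) and tickets:
            tickets[-1]["renew_until"] = datetime.strptime(m[1], FMT)
    return cache, principal, tickets

def tgt_action(text, now, margin=timedelta(hours=1)):
    """Return 'ok', 'renew' (kinit -R will work) or 'reauth' (fresh kinit needed)."""
    _, _, tickets = parse_klist(text)
    tgt = next((t for t in tickets if t["service"].startswith("krbtgt/")), None)
    if tgt is None or now >= tgt["expires"]:
        return "reauth"   # no TGT, or already expired: it cannot be renewed
    if tgt["expires"] - now > margin:
        return "ok"       # enough lifetime left, nothing to do
    if tgt["renew_until"] and tgt["renew_until"] > tgt["expires"]:
        return "renew"    # still valid and inside the renewable window
    return "reauth"       # about to expire and not renewable
```

A scheduled job could feed each user's cache listing to `tgt_action` and run `kinit -R` only when it returns `renew`; a result of `reauth` means the ticket was issued without a renewable lifetime or has already lapsed.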
