kerberos kinit implementations, support a "-r" option which allows users to
obtain a renewable ticket.
/usr/bin/kinit [-ARvV] [-p | -P] [-f | -F] [-a] [-c cache_name]
[-C] [-E] [-k [-t keytab_file]] [-l lifetime]
[-r renewable_life] [-s start_time] [-n] [-S service_name]
[-X attribute[=value]] [-T armor_ccache] [principal]
But Java's kinit implementation does not allow for a renewable options
C:\Program Files\Java\jdk1.7.0_55\bin>kinit.exe -help
Usage: kinit [-A] [-f] [-p] [-c cachename] [[-k [-t keytab_file_name]]
available options to Kerberos 5 ticket request:
-A do not include addresses
-c cache name (i.e., FILE:\d:\myProfiles\mykrb5cache)
-k use keytab
-t keytab file name
principal the principal name (i.e., qweadf@ATHENA.MIT.EDU qweadf)
password the principal's Kerberos password
Also,Can we add an extra function along with "renewable" that allows users to
set the expiry time please? That is the "-l" option, which can be used to set
the lifetime of the kerberos ticket. Here is the extract from the krb5 spec:
(Time duration string.) Requests a ticket with the lifetime "lifetime".
For example, kinit -l 5:30 or kinit -l 5h30m
If the -l option is not specified, the default ticket lifetime (configured by each site) is used.
Specifying a ticket lifetime longer than the maximum ticket lifetime
(configured by each site) will not override the configured maximum ticket lifetime.
Also, I noticed that Java Kinit doesn't honour the krb5.conf setting
"ticket_lifetime" or "renew_lifetime". Not sure if it's something you want to
support in Java, thought I would mention this as well.