We have successfully configured SPNEGO with our webapp on JBoss EAP 6.2, Windows Server 2008, and IE10 using JBoss Negotiation.
What is best operational practice for renewing the ticket issued to JBoss to minimize Administrator intervention? The ticket can be renewed programmatically (before ticket endtime) with:
kinit -R
Though that can only be done up until the ticket's renew-til date is reached. Is it best practice to configure the ticket policy to set the renew-til field to something large (weeks,months)? Ultimately at some point after the renew-til time, an administrator will need to enter a password to assign JBoss a new ticket.
Is there better scheme to manage renewal of tickets for JBoss, or is manual administrator intervention at some point after the renew-til date (perhaps during a maintenance window) inevitable?