ticket lifetime?

Sam Hartman hartmans at MIT.EDU
Wed Jul 3 12:26:27 EDT 2002


>>>>> "Klaas" == Klaas Hagemann <kerberos at northsailor.de> writes:

    Klaas> Hi, how is the ticket lifetime of the tgt specified?  I
    Klaas> first do kinit to get a ticket manually.  Using klist, the
    Klaas> ticket lifetime is always one hour, it does not make any
    Klaas> effekt, which value i take for ticket_lifetime in the
    Klaas> libdefaults section in krb5.conf.

First, we believe that this value in krb5.conf has no effect and was
left there as a mistake.

I believe kinit always asks for 10-hour tickets.

The lifetime of a ticket you get back from the KDC is roughly min
(lifetime of client, lifetime of service, requested lifetime).  That
means your tgt should be 1 hour only if the tgt lifetime (lifetime
associated wit the krbtgt/REALM at REALM principal) or client lifetime is
one hour.


That's a description of the way things are; clearly we could improve
things to be easier to deal with.





More information about the Kerberos mailing list