Strange problem with ticket renewal

Miroslav Zubcic mvz at crol.net
Sun Mar 3 06:46:57 EST 2002


Hi all.

I'm having trouble with renewable tickets, that is:

klist
Ticket cache: FILE:/tmp/krb5cc_504
Default principal: mvz at CROL.NET

Valid starting     Expires            Service principal
03/03/02 12:29:08  03/03/02 22:29:08  krbtgt/CROL.NET at CROL.NET
^^^^^^^^^^^^^^^^^^
        renew until 03/03/02 12:29:08
                    ^^^^^^^^^^^^^^^^^^

No matter what I put in kdc.conf and restart krb5kdc, destroy old
ticket and request new one with "kinit -f -r 7d" ...

In [realms] section (kdc.conf) I have this:

        max_life = 1d 12h 0m 0s
        max_renewable_life = 7d 0h 0m 0s

kinit -R will give me this:

kinit -R
kinit(v5): Ticket expired while renewing credentials

... couple of seconds after obtaining new ticket.

getprinc under kadmin is telling me this:

[...]

Maximum ticket life: 1 day 00:00:00
Maximum renewable life: 4 days 00:00:00

[...]

What I'm doing wrong? My system clocks on servers are sinhronized in
one second, system is RedHat 7.2 Linux 2.4.14, with MIT kerberos 1.2.3.

I don't know what to try next, I'm sure that I'm writing config in
right kdc.conf:

strings /opt/kerberos/sbin/krb5kdc | grep "^/"
/lib/ld-linux.so.2
/opt/kerberos/lib
/dev/console
/var/kerberos/krb5kdc/principal
/var/kerberos/krb5kdc/kdc.conf


-- 
This signature intentionally left blank



More information about the Kerberos mailing list