Strange problem with ticket renewal
Miroslav Zubcic
mvz at crol.net
Sun Mar 3 06:46:57 EST 2002
Hi all.
I'm having trouble with renewable tickets, that is:
klist
Ticket cache: FILE:/tmp/krb5cc_504
Default principal: mvz at CROL.NET
Valid starting Expires Service principal
03/03/02 12:29:08 03/03/02 22:29:08 krbtgt/CROL.NET at CROL.NET
^^^^^^^^^^^^^^^^^^
renew until 03/03/02 12:29:08
^^^^^^^^^^^^^^^^^^
No matter what I put in kdc.conf and restart krb5kdc, destroy old
ticket and request new one with "kinit -f -r 7d" ...
In [realms] section (kdc.conf) I have this:
max_life = 1d 12h 0m 0s
max_renewable_life = 7d 0h 0m 0s
kinit -R will give me this:
kinit -R
kinit(v5): Ticket expired while renewing credentials
... couple of seconds after obtaining new ticket.
getprinc under kadmin is telling me this:
[...]
Maximum ticket life: 1 day 00:00:00
Maximum renewable life: 4 days 00:00:00
[...]
What I'm doing wrong? My system clocks on servers are sinhronized in
one second, system is RedHat 7.2 Linux 2.4.14, with MIT kerberos 1.2.3.
I don't know what to try next, I'm sure that I'm writing config in
right kdc.conf:
strings /opt/kerberos/sbin/krb5kdc | grep "^/"
/lib/ld-linux.so.2
/opt/kerberos/lib
/dev/console
/var/kerberos/krb5kdc/principal
/var/kerberos/krb5kdc/kdc.conf
--
This signature intentionally left blank
More information about the Kerberos
mailing list