ticket lifetimes
Derek Yarnell
derek at cs.umd.edu
Tue May 21 13:30:10 EDT 2002
Nicolas.Williams at ubsw.com wrote:
> Actually, clients' requested ticket lifetimes depend on other factors.
>
> The get_int_tkt_with*() APIs set the requested ticket lifetime as per its creds argument.
>
> The get_init_creds*() APIs default the requested lifetime to 10 hours, but this can be set by the caller separately.
>
> Non-initial tickets' lifetimes are bounded by the TGTs used to get them.
>
> There's code in init_ctx.c that has been ifdef'ed out for setting the default client max ticket life in krb5.conf...
>
#if 0
/* Default ticket lifetime is currently not supported */
profile_get_integer(ctx->profile, "libdefaults", "tkt_lifetime",
0, 10 * 60 * 60, &tmp);
ctx->tkt_lifetime = tmp;
#endif
This is what you are talking about... right?
It looks like profile_get_integer is writen in (src/util/profile/prof_get.c)
But only called so far in init_ctx.c... anyone want to comment on its
status?
More information about the Kerberos
mailing list