Ticket lifetimes > 10 hrs?
Mike Friedman
mikef at ack.Berkeley.EDU
Thu Nov 14 11:09:09 EST 2002
On Wed Nov 13 04:47:57 2002, Sam Hartman said:
> However kinit -l should work.
> Confirm that you can do something like
> kinit -l 22:00:00
> I know that works
>
> Then try bumping up the lifetime until you run into problems and let
> us know where things start breaking.
I seem to be having the same problem. I'm running krb5-1.2.5. I changed my
kdc.conf so that max_life = 25h 0m 0s. I then restarted kadmind and created
a test principal. Sure enough, its max life was 25 hours. But when I did a
'kinit -l 20h' for the principal, I got a TGT which would expire in 10 hours!
I took a look at the max life for my krbtgt/<REALM> and it's 21:15:00 (which
is what it was before I changed kdc.conf). So, what else should I be looking
at?
Mike
------------------------------------------------------------------------------
Mike Friedman System and Network Security
mikef at ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu
------------------------------------------------------------------------------
More information about the Kerberos
mailing list