Ticket lifetimes > 10 hrs?
Mike Friedman
mikef at ack.Berkeley.EDU
Thu Nov 14 13:25:19 EST 2002
On Thu Nov 14 10:17:42 2002, Ken Hornstein said:
>>I seem to be having the same problem. I'm running krb5-1.2.5. I changed my
>>kdc.conf so that max_life = 25h 0m 0s. I then restarted kadmind and created
>>a test principal. Sure enough, its max life was 25 hours. But when I did a
>>'kinit -l 20h' for the principal, I got a TGT which would expire in 10 hours!
>>
>>I took a look at the max life for my krbtgt/<REALM> and it's 21:15:00 (which
>>is what it was before I changed kdc.conf). So, what else should I be looking
>>at?
>
> Did you restart your KDC as well?
Oops, no I hadn't! So, I just restarted krb5kdc and that seems to do it.
Of course, I still can't get a TGT with a lifetime greater than 21:15:00,
which is the max life set for my krbtgt principal. But at least I know
that 'kinit -l' isn't broken.
Thanks.
Mike
------------------------------------------------------------------------------
Mike Friedman System and Network Security
mikef at ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu
------------------------------------------------------------------------------
More information about the Kerberos
mailing list