Ticket lifetimes > 10 hrs?
Ken Hornstein
kenh at cmf.nrl.navy.mil
Thu Nov 14 13:37:22 EST 2002
>Oops, no I hadn't! So, I just restarted krb5kdc and that seems to do it.
>Of course, I still can't get a TGT with a lifetime greater than 21:15:00,
>which is the max life set for my krbtgt principal. But at least I know
>that 'kinit -l' isn't broken.
So, I guess the key is you need to set:
- max_life in kdc.conf
- Restart kdc
- desired lifetime on both client and krbtgt principal (and probably
service principals as well).
--Ken
More information about the Kerberos
mailing list