Ticket lifetimes > 10 hrs?
RCU
nemesis at icequake.no_spam.net
Fri Nov 15 22:24:17 EST 2002
> nemesis> Yes; I have set the following principals to issue 7d tickets:
> nemesis> krbtgt/MYREALM
> nemesis> afs
> nemesis> K/M
> nemesis> krbadm
> nemesis> username (of the user)
>
> Interesting. Given what you've done, it should be possible to kinit
> as the user and get a lifetime up to 7 days. What is the the output
> of the kadmin "getprinc" command for the principals you listed above?
kadmin.local: getprinc krbtgt/MYREALM.NET
Principal: krbtgt/MYREALM.NET at MYREALM.NET
Expiration date: [never]
Last password change: [never]
Password expiration date: [none]
Maximum ticket life: 30 days 00:00:00
Maximum renewable life: 30 days 00:00:00
Last modified: Tue Nov 12 20:54:53 CST 2002 (aurora.host/admin at MYREALM.NET)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 3
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 1, DES cbc mode with CRC-32, no salt
Key: vno 1, DES cbc mode with RSA-MD5, no salt
Attributes: REQUIRES_PRE_AUTH
Policy: [none]
Principal: afs at MYREALM.NET
Expiration date: [never]
Last password change: Sun Oct 20 21:34:43 CDT 2002
Password expiration date: [none]
Maximum ticket life: 7 days 00:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Tue Nov 12 14:18:51 CST 2002 (aurora.host/admin at MYREALM.NET)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 1, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]
Principal: krbadm at MYREALM.NET
Expiration date: [never]
Last password change: Tue Oct 08 22:05:47 CDT 2002
Password expiration date: [none]
Maximum ticket life: 30 days 00:00:00
Maximum renewable life: 30 days 00:00:00
Last modified: Tue Nov 12 20:57:07 CST 2002 (aurora.host/admin at MYREALM.NET)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 6
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 1, DES cbc mode with CRC-32, no salt
Key: vno 1, DES cbc mode with RSA-MD5, Version 4
Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - No Realm
Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - Realm Only
Key: vno 1, DES cbc mode with RSA-MD5, AFS version 3
Attributes: REQUIRES_PRE_AUTH
Policy: [none]
Principal: K/M at MYREALM.NET
Expiration date: [never]
Last password change: [never]
Password expiration date: [none]
Maximum ticket life: 30 days 00:00:00
Maximum renewable life: 30 days 00:00:00
Last modified: Tue Nov 12 20:55:59 CST 2002 (aurora.host/admin at MYREALM.NET)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Attributes: DISALLOW_ALL_TIX REQUIRES_PRE_AUTH
Policy: [none]
Principal: nemesis at MYREALM.NET
Expiration date: [never]
Last password change: Tue Oct 08 22:30:34 CDT 2002
Password expiration date: [none]
Maximum ticket life: 7 days 00:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Tue Nov 12 14:12:36 CST 2002 (aurora.host/admin at MYREALM.NET)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 6
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 1, DES cbc mode with CRC-32, no salt
Key: vno 1, DES cbc mode with RSA-MD5, Version 4
Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - No Realm
Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - Realm Only
Key: vno 1, DES cbc mode with RSA-MD5, AFS version 3
Attributes: REQUIRES_PRE_AUTH
Policy: [none]
Some of the principals are set to 30d expiration as I wanted a longer
default time under some circumstances.
More information about the Kerberos
mailing list