Default Ticket Lifetime

Jens Kleineheismann jk at
Mon Jun 16 04:41:40 EDT 2003


Dennis James <dlj at> wrote:
> I am trying to set the default ticket lifetime but nothing works.
> The kinit command seems to ignore the -l option and sets the lifetime to
> 10 hours. Anyone have any ideas?
MIT, Heimdal or Win?

I assume, you want to increase the lifetime, don't you.

For the MIT implementation, the maximum ticket lifetime is stored
for every principal. Thus, you have to set the 'maxlife' parameter
for any user and service principal via kadmin.
The max_life option within the KDC config is only the default value
if you create a new principal.

Then it should be possible to obtain a ticket with a longer lifetime
via 'kinit -l ...'.

If no '-l ...' is given, the default lifetime, that kinit request,
is hardcoded in the client code (look for '10*60*60').

hope this helps,

Version: 3.1
GCS d- s-:-- a- C++(---) UL++++$ P@ L+++ E--- W(--) N++ o? K? w--- O
M- !V PS+++ PE Y+ PGP+ t 5- X- R* tv-- b++ DI-- D---- G e h++ !r !y

More information about the Kerberos mailing list