Default Ticket Lifetime

[Jens Kleineheismann]

Moin,

Dennis James <dlj at swbell.net> wrote:
> I am trying to set the default ticket lifetime but nothing works.
> The kinit command seems to ignore the -l option and sets the lifetime to
> 10 hours. Anyone have any ideas?
MIT, Heimdal or Win?

I assume, you want to increase the lifetime, don't you.

For the MIT implementation, the maximum ticket lifetime is stored
for every principal. Thus, you have to set the 'maxlife' parameter
for any user and service principal via kadmin.
The max_life option within the KDC config is only the default value
if you create a new principal.

Then it should be possible to obtain a ticket with a longer lifetime
via 'kinit -l ...'.

If no '-l ...' is given, the default lifetime, that kinit request,
is hardcoded in the client code (look for '10*60*60').


hope this helps,
		Jens



-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS d- s-:-- a- C++(---) UL++++$ P@ L+++ E--- W(--) N++ o? K? w--- O
M- !V PS+++ PE Y+ PGP+ t 5- X- R* tv-- b++ DI-- D---- G e h++ !r !y
------END GEEK CODE BLOCK------