default ticket lifetime
Douglas E. Engert
deengert at anl.gov
Thu Mar 13 09:04:13 EST 2003
Klaas Hagemann wrote:
>
> Jens Kleineheismann schrieb:
> > Hi there,
> Hi Jens,
>
> there are tree points where the ticket lifetime is defined:
> 1. kdc.conf, you checked this
> 2. the principals, you checked this as well
> 3. the /etc/krb5.conf on the client side.
> There you can define a default ticket lifetime.
>
> In the section [libdefaults] you can set
> ticket_lifetime = <<ticket lifetime in seconds>>
But it is hard coded in the MIT 1.2.6 get_in_tkt.c:
859 if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE))
860 request.till += options->tkt_life;
861 else
862 request.till += 10*60*60; /* this used to be hardcoded in kinit.c */
so it looks like the [libdefaults] is not used.
>
> Anyway the lowest value always wins.
>
> Klaas
> > ________________________________________________
> > Kerberos mailing list Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list