Unable to get max_life to work over 24 hours

Steve Langasek vorlon at dodds.net
Mon Oct 6 16:31:20 EDT 2003


On Sun, Oct 05, 2003 at 01:04:39AM -0400, Tony Lill wrote:
> You're missing the fact that the max life is hard coded, and any
> suggestion in the documentation that it's configurable is a bald-faced
> lie! If you want 3 days, you'll have to compile your own.

Er, no.  What you do have to do is take into account that the ticket
lifetime granted is the minimum of the requested ticket lifetime, the
KDC's configured maximum, and the per-principal maximum.

-- 
Steve Langasek
postmodern programmer

> --------------- http://www.ajlc.waterloo.on.ca/ ----------------
> "Welcome to All Things UNIX, where if it's not UNIX, it's CRAP!"
> 
> Kreitzer, Ray <Ray.Kreitzer at dcsg.com> wrote:
> 
> 
>     Ray> I am running MIT Kerberos v5-1.2.8.   I am attempting to obtain a ticket
>     Ray> with a life of  3 days.  I have set the max_life = 3d in the kdc.conf and
>     Ray> have set the maxlife in the principal to 3d.  I run the kinit -l 3d but it
>     Ray> seems I can never get a ticket for more than 24 hours.  What am I missing?  
> 
>     Ray> ___________________________________
> 
>     Ray> Ray Kreitzer 
>     Ray> Sr. Database Administrator 
>     Ray> Dick's Sporting Goods 
>     Ray> 200 Industry Drive - RIDC Park West - Pittsburgh, PA  15275 
>     Ray> Phone (412) 809-0100 x3418  Fax (412) 809-0821 
>     Ray> Email   ray.kreitzer at dcsg.com 
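
The minimum rule from the reply above, as an added example (not code from the thread or from MIT Kerberos): it converts each duration string to seconds and reports which limit caps the granted lifetime. The function names, the simplified duration parser and the sample values are assumptions made for illustration.

```python
import re

# Seconds per unit for durations written like "3d", "24h" or "1d 12h".
_UNITS = {"d": 86400, "h": 3600, "m": 60, "s": 1}
_TOKEN = re.compile(r"(\d+)\s*([dhms])")


def parse_duration(text):
    """Convert '3d', '24h', '1d 12h' or a bare number of seconds to seconds."""
    text = text.strip().lower()
    if text.isdigit():
        return int(text)
    pos, total = 0, 0
    for m in _TOKEN.finditer(text):
        if text[pos:m.start()].strip():      # junk between two tokens
            raise ValueError(f"unrecognised duration: {text!r}")
        total += int(m.group(1)) * _UNITS[m.group(2)]
        pos = m.end()
    if pos == 0 or text[pos:].strip():       # nothing parsed, or trailing junk
        raise ValueError(f"unrecognised duration: {text!r}")
    return total


def granted_lifetime(limits):
    """limits maps a limit's name to its duration string.
    Returns (granted seconds, sorted names of the limits that cap it)."""
    seconds = {name: parse_duration(value) for name, value in limits.items()}
    granted = min(seconds.values())
    binding = sorted(n for n, s in seconds.items() if s == granted)
    return granted, binding


def explain(limits):
    """Render each limit and mark the one(s) that determine the grant."""
    granted, binding = granted_lifetime(limits)
    lines = [f"granted: {granted // 3600}h (capped by: {', '.join(binding)})"]
    for name, value in limits.items():
        mark = "<-- binding" if name in binding else ""
        lines.append(f"  {name:<22} {value:>5} {mark}".rstrip())
    return "\n".join(lines)


# Constructed sample values, not the poster's actual configuration.
SAMPLE = {
    "requested (kinit -l)": "3d",
    "kdc.conf max_life": "3d",
    "principal maxlife": "24h",
}

if __name__ == "__main__":
    print(explain(SAMPLE))
```

Raising only one of the three values leaves the grant unchanged as long as another one is still lower, so each limit has to be checked.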

