Unable to get max_life to work over 24 hours
Steve Langasek
vorlon at dodds.net
Thu Oct 16 20:44:26 EDT 2003
On Wed, Oct 15, 2003 at 02:32:17PM -0400, Kreitzer, Ray wrote:
> Steve, I cannot find anywhere that has 24 hours as the "minimum ticket
> lifetime". Can you suggest anywhere else to look? I am assuming that by
> "KDC configured max" you are referring to the settings in krb.conf.
No, it refers to settings in *kdc*.conf, as that's the config file
controlling KDC settings.
> When you say "per-principal max" - which ones are you referring to? I
> can't get the right combination of things to get this to work. No
> matter what I do -- I can't get a ticket > 24 hours.
In MIT realms, there is a per-principal max lifetime that's configured as
a setting on each principal via kadmin.
--
Steve Langasek
postmodern programmer
More information about the Kerberos
mailing list