maxlife parameter not being honored?!
Ken Raeburn
raeburn at MIT.EDU
Wed Jun 9 16:54:26 EDT 2004
The maximum ticket lifetime data is stored in the database for *all*
principals -- the user, the TGS, and the application service. The KDC
will use all of those (as well as the lifetime of the TGT, when getting
additional tickets) in computing the maximum allowable lifetime of
tickets it issues.
Check the max ticket lifetime of krbtgt/YOUR.REALM.NAME, to start with.
If you want longer-lived application service tickets, you'll have to
update those principals as well.
Ken
More information about the Kerberos
mailing list