maxlife parameter not being honored?!

Ken Raeburn raeburn at MIT.EDU
Wed Jun 9 16:54:26 EDT 2004


The maximum ticket lifetime data is stored in the database for *all* 
principals -- the user, the TGS, and the application service.  The KDC 
will use all of those (as well as the lifetime of the TGT, when getting 
additional tickets) in computing the maximum allowable lifetime of 
tickets it issues.

Check the max ticket lifetime of krbtgt/YOUR.REALM.NAME, to start with. 
  If you want longer-lived application service tickets, you'll have to 
update those principals as well.

Ken



More information about the Kerberos mailing list