Maximum ticket lifetimes?

Eric Jonas jonas at MIT.EDU
Thu Nov 18 08:59:41 EST 2004


I have deployed an MIT kerberos KDC in my lab, and am attempting to
lengthen the ticket lifetime to a full day (this is using debian stable,
kerberos version  1.2.4-5woody6).


I've edited  /etc/krb5kdc/kdc.conf to have max_life = 24h

and via kadmin:
modprinc -maxlife "1 day" krbtgt/MWL.AI.MIT.EDU at MWL.AI.MIT.EDU
modprinc -maxlife "1 day" jonas at MWL.AI.MIT.EDU

getprinc shows that both of these were successful. Then I restarted the
kdc and kdc-admin processes on the kdc.

I'm really stumped at this point because all the mailing list posts with
these questions highlighted the importance of changing the maximum life on
the above tickets as well as the kdc, which I've done.

Is there something obvious I'm missing, or someplace I should look for
more data? Also, is there someplace I can set the "24h" to be the maximum
lifetime for all tickets created in the future?

Thanks,
		...Eric Jonas


More information about the Kerberos mailing list