Maximum ticket lifetimes?
Christian Pfaffel
flash at itp.tu-graz.ac.at
Mon Nov 22 05:51:57 EST 2004
Tillman Hodgson <tillman at seekingfire.com> writes:
> On Thu, Nov 18, 2004 at 08:59:41AM -0500, Eric Jonas wrote:
> > I have deployed an MIT kerberos KDC in my lab, and am attempting to
> > lengthen the ticket lifetime to a full day (this is using debian stable,
> > kerberos version 1.2.4-5woody6).
> >
> > I've edited /etc/krb5kdc/kdc.conf to have max_life = 24h
> >
> > and via kadmin:
> > modprinc -maxlife "1 day" krbtgt/MWL.AI.MIT.EDU at MWL.AI.MIT.EDU
> > modprinc -maxlife "1 day" jonas at MWL.AI.MIT.EDU
> >
> > getprinc shows that both of these were successful. Then I restarted the
> > kdc and kdc-admin processes on the kdc.
>
> Between this paragraph and the next, your testing methods and problem
> description appear to be missing :-)
>
> How are you calling kinit? (e.g., `kinit -l24h`)? What is the output of
> klist?
>
If You are using kinit for testing it might be valueable for You to
now that the default ticket lifetime is coded to be 10h. So without a
parameter (i.e. -l24h) You will always get 10h.
Christian
--
Christian Pfaffel <flash at itp.tu-graz.ac.at>
Technische Universität Graz Telefon: +43 / 316 / 873 - 81 90
Institut für Theoretische Physik Telefax: +43 / 316 / 873 - 86 78
Petersgasse 16, A-8010 Graz http://fubphpc.tu-graz.ac.at/~flash/pubkey.gpg
More information about the Kerberos
mailing list