Renewable Tickets
Ken Raeburn
raeburn at MIT.EDU
Mon Oct 25 15:22:23 EDT 2004
On Oct 25, 2004, at 15:02, Phil Dibowitz wrote:
> [libdefaults]
> ticket_lifetime = 600

This won't do what you think. First, we're not parsing
"ticket_lifetime", despite having some indications around that we do.
Second, the time-interval parsing code requires a unit. (I think both
of these will change in the 1.4 release.)

> But according to the man page, you can put a "renew_lifetime" in the
> libdefaults section which defaults to 0 -- bingo! right? So I changed
> the libdefaults section to:
>
> [libdefaults]
> ticket_lifetime = 600
> renew_lifetime = 700

Try "700s" or "700m".

Also check the properties on the client and service principals
(including the krbtgt principals). I forget whether max renewable
lifetime is one of them, but if it is, it would be set when the
principal is created or when you use "modprinc" in kadmin, and the
config file specifications won't extend it, only (potentially) further
limit it.

Ken