Renewable Tickets
Phil Dibowitz
phil at usc.edu
Mon Oct 25 16:13:45 EDT 2004
On Mon, Oct 25, 2004 at 04:07:43PM -0400, Rachel Elizabeth Dillon wrote:
> Do you have something like this in /etc/krb5kdc/kdc.conf (or wherever
> your kdc configuration files live) :
>
> max_renewable_life = 7d 0h 0m 0s
Yup - from my original post:
My kdc.conf has (among other things):
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
default_principal_flags = +forwardable,+renewable
> ? I don't have anything in my /etc/krb5.conf about renewable times,
> and I can kinit -R successfully. Other than that my configuration is
I wouldn't think anything would be needed in krb5.conf either, but I was
desperate.
> out of the box MIT Kerberos, at least with regard to renewable tickets.
> Were I on your position, I would try taking out all of the extra lines
> about renewable tickets, restart everything, and try again; I think
> renewable tickets work by default, based on the documentation I just
> went and glanced at.
I did. I stripped krb5.conf down and tried again... same thing.
--
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 174 - 213-821-5427
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20041025/de17c075/attachment.bin
More information about the Kerberos
mailing list