Renewable Tickets

Phil Dibowitz phil at
Mon Oct 25 16:13:45 EDT 2004

On Mon, Oct 25, 2004 at 04:07:43PM -0400, Rachel Elizabeth Dillon wrote:
> Do you have something like this in /etc/krb5kdc/kdc.conf (or wherever 
> your kdc configuration files live) :
> max_renewable_life = 7d 0h 0m 0s

Yup - from my original post:

    My kdc.conf has (among other things):

                 max_life = 10h 0m 0s
                 max_renewable_life = 7d 0h 0m 0s
                 default_principal_flags = +forwardable,+renewable

> ? I don't have anything in my /etc/krb5.conf about renewable times,
> and I can kinit -R successfully. Other than that my configuration is

I wouldn't think anything would be needed in krb5.conf either, but I was

> out of the box MIT Kerberos, at least with regard to renewable tickets.
> Were I on your position, I would try taking out all of the extra lines
> about renewable tickets, restart everything, and try again; I think
> renewable tickets work by default, based on the documentation I just
> went and glanced at. 

I did. I stripped krb5.conf down and tried again... same thing.

Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 174 - 213-821-5427

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the Kerberos mailing list