Renewable Tickets

Eric Andresen eandres at mars.asu.edu
Mon Oct 25 16:28:32 EDT 2004


On Mon, 2004-10-25 at 13:13, Phil Dibowitz wrote:
> On Mon, Oct 25, 2004 at 04:07:43PM -0400, Rachel Elizabeth Dillon wrote:
> > Do you have something like this in /etc/krb5kdc/kdc.conf (or wherever 
> > your kdc configuration files live) :
> > 
> > max_renewable_life = 7d 0h 0m 0s
> 
> Yup - from my original post:
> 
>     My kdc.conf has (among other things):
> 
>                  max_life = 10h 0m 0s
>                  max_renewable_life = 7d 0h 0m 0s
>                  default_principal_flags = +forwardable,+renewable
> 
> > ? I don't have anything in my /etc/krb5.conf about renewable times,
> > and I can kinit -R successfully. Other than that my configuration is
> 
> I wouldn't think anything would be needed in krb5.conf either, but I was
> desperate.
> 
> > out of the box MIT Kerberos, at least with regard to renewable tickets.
> > Were I on your position, I would try taking out all of the extra lines
> > about renewable tickets, restart everything, and try again; I think
> > renewable tickets work by default, based on the documentation I just
> > went and glanced at. 
> 
> I did. I stripped krb5.conf down and tried again... same thing.

Try adding this small patch to your krb5 distribution -- it enables
kinit to look up default values for lifetime, renew lifetime, and
forwardable from the kinit and libdefaults sections.

-- 
   Eric Andresen
   Systems Administrator
   Mars Space Flight Facility
   Arizona State University
   eandres at mars.asu.edu
   (480) 727-8471
-------------- next part --------------
A non-text attachment was scrubbed...
Name: krb5-1.3-kinit-appdefaults.patch
Type: text/x-patch
Size: 1761 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20041025/5a7da9d2/attachment.bin


More information about the Kerberos mailing list