Renewable Tickets
Eric Andresen
eandres at mars.asu.edu
Mon Oct 25 16:28:32 EDT 2004
On Mon, 2004-10-25 at 13:13, Phil Dibowitz wrote:
> On Mon, Oct 25, 2004 at 04:07:43PM -0400, Rachel Elizabeth Dillon wrote:
> > Do you have something like this in /etc/krb5kdc/kdc.conf (or wherever
> > your kdc configuration files live) :
> >
> > max_renewable_life = 7d 0h 0m 0s
>
> Yup - from my original post:
>
> My kdc.conf has (among other things):
>
> max_life = 10h 0m 0s
> max_renewable_life = 7d 0h 0m 0s
> default_principal_flags = +forwardable,+renewable
>
> > ? I don't have anything in my /etc/krb5.conf about renewable times,
> > and I can kinit -R successfully. Other than that my configuration is
>
> I wouldn't think anything would be needed in krb5.conf either, but I was
> desperate.
>
> > out of the box MIT Kerberos, at least with regard to renewable tickets.
> > Were I in your position, I would try taking out all of the extra lines
> > about renewable tickets, restart everything, and try again; I think
> > renewable tickets work by default, based on the documentation I just
> > went and glanced at.
>
> I did. I stripped krb5.conf down and tried again... same thing.
Try adding this small patch to your krb5 distribution -- it enables
kinit to look up default values for lifetime, renew lifetime, and
forwardable from the kinit and libdefaults sections.
--
Eric Andresen
Systems Administrator
Mars Space Flight Facility
Arizona State University
eandres at mars.asu.edu
(480) 727-8471
-------------- next part --------------
A non-text attachment was scrubbed...
Name: krb5-1.3-kinit-appdefaults.patch
Type: text/x-patch
Size: 1761 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20041025/5a7da9d2/attachment.bin