krb5.conf variations, was: Renewable Tickets
Henry B. Hotz
hotz at jpl.nasa.gov
Thu Oct 28 18:15:14 EDT 2004
On Oct 25, 2004, at 4:04 PM, kerberos-request at mit.edu wrote:
> First, I'd like to mention I was mistaken when I said the 'libdefaults'
> section, I meant 'appdefaults', such as:
>
> [appdefaults]
> ticket_lifetime = 30days
> renew_lifetime = 180days
>
> or alternatively, within a 'kinit' subgroup.
I'm running with:
[appdefaults]
renewable = true
[libdefaults]
renew_lifetime = 7d
on my Solaris clients and it seems to do the right thing (against a
Heimdal kdc). Looking at the Solaris 9 krb5.conf man page I see
max_renewable_life as an [appdefaults] option, but nothing else.
Perhaps the renew_lifetime line isn't needed?
I suspect the renew_lifetime line is a carryover from some other
krb5.conf. In Heimdal it can go in either section and "7d" is OK (vice
7days).
An MIT 1.3 man page does not mention max_renewable_life, and puts
renew_lifetime in [libdefaults] only.
I suppose I shouldn't complain. Everyone really is pretty compatible
if you're willing to deal with the details. That indicates serious
effort on the part of all the implementors, free and commercial alike.
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the Kerberos
mailing list