Default ticket lifetime

Russ Allbery rra at stanford.edu
Wed Jun 29 00:36:42 EDT 2005


Ryan Underwood <nemesis-lists at icequake.net> writes:

> From the Changelog, it looks like this was disabled sometime in 1996 and
> never revisited.  But this is what I was referring to in my original
> post.  Was this a bad idea for some reason?

It looks more like an effort was made to add it, but never really
finished.

Anyway, that's libdefaults.  Looking at the source of kinit for 1.4, it
sure looks like my original message was *supposed* to be right:

#define KINIT_DEFAULT_LIFE   "default_lifetime"

[...]

    /* Lifetime */
    default_list[KINIT_LIFETM_INDEX].option = KINIT_DEFAULT_LIFE ;
    default_list[KINIT_LIFETM_INDEX].default_value = "10hrs" ;
    default_list[KINIT_LIFETM_INDEX].parse_function = krb5_string_to_deltat ;
    default_list[KINIT_LIFETM_INDEX].store =(void *) &(opts->lifetime);

[...]

       if ( k5->me != NULL ) {
               rcode = krb5_appdefault_read(k5->ctx,progname,
                              krb5_princ_realm(k5->ctx,k5->me),
                              default_list,KINIT_DEFAULT_COUNT);
       } else {
               rcode = krb5_appdefault_read(k5->ctx,progname,
                              NULL,
                              default_list,KINIT_DEFAULT_COUNT);
       }

That would be default_lifetime in [appdefaults].  Are you sure that you
have the time specification syntax right?

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

