Unable to to get a TGT that abides to specified renewal interval
Jeffrey Altman
jaltman2 at nyc.rr.com
Sat Oct 15 11:36:10 EDT 2005
vtkstef wrote:
> Hi,
>
> I am having problems to get TGTs with renewal periods as specified in
> kinit -r option. My kdc.conf realm stanza has these two paramters set:
>
> max_life = 10h 0m 0s
> max_renewable_life = 7d 0h 0m 0s
>
> I have explicitely set forwadable flag in the realms
> default_principal_flags parameter
> I have played with various values in /etc/krb5.conf [libdefault] stanza
> renew_lifetime,and ticket_lifetime values, and I have set the principal
> -maxrenewlife to 7 days. Still whenever I do a kinit -l 10h -r 7d my
> renew untill timestamp is the same as the ticket creation one:
>
> stefano at filo2 ~ $ klist -fc
> Ticket cache: FILE:/tmp/krb5cc_1000
> Default principal: stefano at SANTORO.ORG
>
> Valid starting Expires Service principal
> 10/15/05 03:51:29 10/15/05 13:51:29 krbtgt/SANTORO.ORG at SANTORO.ORG
> renew until 10/15/05 03:51:29, Flags: RI
>
> I would really appreciate any insights to solve this riddle.
>
> Ciao
> Stefano
Check the lifetime settings for the krbtgt/SANTORO.ORG at SANTORO.ORG and
stefano at SANTORO.ORG principals in the KDB.
Jeffrey Altman
--
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
More information about the Kerberos
mailing list