Unable to to get a TGT that abides to specified renewal interval
vtkstef
vtkstef at gmail.com
Sat Oct 15 03:57:10 EDT 2005
Hi,
I am having problems to get TGTs with renewal periods as specified in
kinit -r option. My kdc.conf realm stanza has these two paramters set:
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
I have explicitely set forwadable flag in the realms
default_principal_flags parameter
I have played with various values in /etc/krb5.conf [libdefault] stanza
renew_lifetime,and ticket_lifetime values, and I have set the principal
-maxrenewlife to 7 days. Still whenever I do a kinit -l 10h -r 7d my
renew untill timestamp is the same as the ticket creation one:
stefano at filo2 ~ $ klist -fc
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: stefano at SANTORO.ORG
Valid starting Expires Service principal
10/15/05 03:51:29 10/15/05 13:51:29 krbtgt/SANTORO.ORG at SANTORO.ORG
renew until 10/15/05 03:51:29, Flags: RI
I would really appreciate any insights to solve this riddle.
Ciao
Stefano
More information about the Kerberos
mailing list