Help with ticket expiry

Ken Hornstein kenh at cmf.nrl.navy.mil
Fri Sep 22 14:15:06 EDT 2006


> From the posts I've discovered this should be all I need do to increase
> the expire for the principal "ayoung".  Any thoughts? Thanks much!

The information you read was wrong.

You need to increase the following things:

- The expiration time on the user principal (which you did)
- The expiration time on the krbtgt principal (which you did do)
- The "max_life" parameter in kdc.conf (which it does not look like you did)

You should also probably change the expiration time on all of your service
principals as well.

I am not convinced "ticket_lifetime" is necessarily correct, but I would
do "kinit -l 72h" to be extra sure.

--Ken
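
The checklist above, as an added example that is not part of the original post: it assumes an MIT krb5 KDC, where an issued ticket's lifetime is the smallest of the requested lifetime, the realm's `max_life` in kdc.conf, and the maximum ticket life of the client and krbtgt principals. The realm name EXAMPLE.COM and the sample kdc.conf and getprinc values are constructed.

```python
import re

# Constructed sample inputs (not from the original post): a kdc.conf realm
# stanza and the "Maximum ticket life" line kadmin's getprinc prints.
KDC_CONF = """
[realms]
    EXAMPLE.COM = {
        max_life = 10h 0m 0s
        max_renewable_life = 7d 0h 0m 0s
    }
"""
GETPRINC = {
    "ayoung@EXAMPLE.COM": "Maximum ticket life: 3 days 00:00:00",
    "krbtgt/EXAMPLE.COM@EXAMPLE.COM": "Maximum ticket life: 3 days 00:00:00",
}
UNITS = {"d": 86400, "h": 3600, "m": 60, "s": 1}

def parse_duration(text):
    """Seconds from '72h', '10h 0m 0s' or kadmin's '3 days 00:00:00'."""
    text = text.strip()
    m = re.fullmatch(r"(?:(\d+) days? )?(\d+):(\d\d):(\d\d)", text)
    if m:
        d, h, mi, s = (int(x or 0) for x in m.groups())
        return d * 86400 + h * 3600 + mi * 60 + s
    parts = re.findall(r"(\d+)\s*([dhms])", text)
    if not parts:
        raise ValueError(f"unrecognised duration: {text!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def limits(requested, client, conf=KDC_CONF, princs=GETPRINC):
    """Every lifetime cap that applies to a TGT request, in seconds."""
    realm = client.split("@")[1]
    out = {"requested (kinit -l)": parse_duration(requested)}
    m = re.search(r"^\s*max_life\s*=\s*(.+)$", conf, re.M)
    if m:  # when absent, the KDC's built-in default applies (not modelled)
        out["kdc.conf max_life"] = parse_duration(m.group(1))
    for name in (client, f"krbtgt/{realm}@{realm}"):
        value = princs[name].split(":", 1)[1]
        out[f"max life of {name}"] = parse_duration(value)
    return out

def effective(requested, client, **kw):
    """Return (seconds, name of the cap that clamps the ticket)."""
    lim = limits(requested, client, **kw)
    binding = min(lim, key=lim.get)
    return lim[binding], binding

if __name__ == "__main__":
    secs, cap = effective("72h", "ayoung@EXAMPLE.COM")
    print(f"ticket lifetime {secs / 3600:.0f}h, limited by {cap}")
```

With the constructed values, both principals allow 72 hours but the ticket is still clamped to 10 hours by kdc.conf, which is the situation the reply describes.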