How to set Kerberos 5 ticket lifetime

Ido Levy IDOL at il.ibm.com
Thu Nov 15 08:39:14 EST 2007


Hello,

I would appreciate your advice on what is the best way to set default
kerberos 5 ticket lifetime
and what are the necessary configuration in the server and the client side.

I tried the following configuration but it didn't seems to work:

Server Side

1) The file kdc.conf -

      I set "max_life = 168h 0m 0s" under the [realms] section.

2) I have also modified the principal and set its maxlife option as follows

            > kadmin.local
            Attempting to bind to one or more LDAP servers. This may take a
while...
            kadmin.local:  modify_principal -maxlife 168hours test at REALM
            Principal "test at REALM" modified.
            kadmin.local:  getprinc test at REALM
            Principal: test at REALM
            Expiration date: [never]
            Last password change:  Thu Nov 15 13:53:50 IST 2007
            Password expiration date: Wed Feb 13 13:53:50 IST 2008
            Maximum ticket life: 7 days 00:00:00
            Maximum renewable life: 7 days 00:00:00
            Last modified: Thu Nov 15 15:32:10 IST 2007
            Last successful authentication: [never]
            Last failed authentication: [never]
            Failed password attempts: 0
            Number of keys: 4
            Key: vno 4, Triple DES cbc mode with HMAC/sha1,
            no salt
            Key: vno 4, ArcFour with HMAC/md5,
            no salt
            Key: vno 4, AES-256 CTS mode with 96-bit SHA-1 HMAC,
            no salt
            Key: vno 4, DES cbc mode with RSA-MD5,
            no salt

            Attributes:
                   REQUIRES_PRE_AUTH
            Policy: default

Linux Client Side:

No special configuration here


Thank you in advance,

Ido Levy
IBM R&D Labs in Israel




More information about the Kerberos mailing list