How to set Kerberos 5 ticket lifetime
Ido Levy
IDOL at il.ibm.com
Thu Nov 15 08:39:14 EST 2007
Hello,
I would appreciate your advice on what is the best way to set default
kerberos 5 ticket lifetime
and what are the necessary configuration in the server and the client side.
I tried the following configuration but it didn't seems to work:
Server Side
1) The file kdc.conf -
I set "max_life = 168h 0m 0s" under the [realms] section.
2) I have also modified the principal and set its maxlife option as follows
> kadmin.local
Attempting to bind to one or more LDAP servers. This may take a
while...
kadmin.local: modify_principal -maxlife 168hours test at REALM
Principal "test at REALM" modified.
kadmin.local: getprinc test at REALM
Principal: test at REALM
Expiration date: [never]
Last password change: Thu Nov 15 13:53:50 IST 2007
Password expiration date: Wed Feb 13 13:53:50 IST 2008
Maximum ticket life: 7 days 00:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Thu Nov 15 15:32:10 IST 2007
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 4
Key: vno 4, Triple DES cbc mode with HMAC/sha1,
no salt
Key: vno 4, ArcFour with HMAC/md5,
no salt
Key: vno 4, AES-256 CTS mode with 96-bit SHA-1 HMAC,
no salt
Key: vno 4, DES cbc mode with RSA-MD5,
no salt
Attributes:
REQUIRES_PRE_AUTH
Policy: default
Linux Client Side:
No special configuration here
Thank you in advance,
Ido Levy
IBM R&D Labs in Israel
More information about the Kerberos
mailing list