kerberos ticket lifetime in Heimdal

Russ Allbery rra at stanford.edu
Tue Jan 1 23:29:44 EST 2008


Victor Sudakov <vas at mpeks.no-spam-here.tomsk.su> writes:

> Running "kinit -l3d" or setting ticket_lifetime in krb5.conf results
> in TGT's lifetime being 3 days, however all service tickets' lifetime
> is still 1 day, like this:
>
>   Issued           Expires          Principal
> Jan  2 09:27:44  Jan  5 09:27:44  krbtgt/SIBPTUS.TOMSK.RU at SIBPTUS.TOMSK.RU
> Jan  2 09:27:47  Jan  3 09:27:47  host/big.sibptus.tomsk.ru at SIBPTUS.TOMSK.RU
>
> How can I configure Kerberos so that all service tickets also get a
> lifetime of 3 days?

You probably need to change the maximum ticket lifetime for all of those
principals in the KDC.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list