kerberos ticket lifetime in Heimdal

Victor Sudakov vas at mpeks.no-spam-here.tomsk.su
Wed Jan 2 01:31:08 EST 2008


Russ Allbery wrote:

> > Running "kinit -l3d" or setting ticket_lifetime in krb5.conf results
> > in TGT's lifetime being 3 days, however all service tickets' lifetime
> > is still 1 day, like this:
> >
> >   Issued           Expires          Principal
> > Jan  2 09:27:44  Jan  5 09:27:44  krbtgt/SIBPTUS.TOMSK.RU at SIBPTUS.TOMSK.RU
> > Jan  2 09:27:47  Jan  3 09:27:47  host/big.sibptus.tomsk.ru at SIBPTUS.TOMSK.RU
> >
> > How can I configure Kerberos so that all service tickets also get a
> > lifetime of 3 days?

> You probably need to change the maximum ticket lifetime for all of those
> principals in the KDC.

Thank you, it worked.

Is there a way to set the default maximum ticket lifetime for all
newly created principals?

I usually create new host principals by running "ktutil get" on the
host itself.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/



More information about the Kerberos mailing list