kerberos ticket lifetime in Heimdal
Victor Sudakov
vas at mpeks.no-spam-here.tomsk.su
Wed Jan 2 01:31:08 EST 2008
Russ Allbery wrote:
> > Running "kinit -l3d" or setting ticket_lifetime in krb5.conf results
> > in TGT's lifetime being 3 days, however all service tickets' lifetime
> > is still 1 day, like this:
> >
> > Issued Expires Principal
> > Jan 2 09:27:44 Jan 5 09:27:44 krbtgt/SIBPTUS.TOMSK.RU at SIBPTUS.TOMSK.RU
> > Jan 2 09:27:47 Jan 3 09:27:47 host/big.sibptus.tomsk.ru at SIBPTUS.TOMSK.RU
> >
> > How can I configure Kerberos so that all service tickets also get a
> > lifetime of 3 days?
> You probably need to change the maximum ticket lifetime for all of those
> principals in the KDC.
Thank you, it worked.
Is there a way to set the default maximum ticket lifetime for all
newly created principals?
I usually create new host principals by running "ktutil get" on the
host itself.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
More information about the Kerberos
mailing list