Unable to change lifetime with MIT krb5

vandegrift@gmail.com vandegrift at gmail.com
Sun Jan 27 22:01:17 EST 2008


Hi everyone,

I have a simple MIT Kerberos config.  One KDC/KAS, a handful of
client.  I have a principal that I'd like to allow 24h expiration
times on tickets.

My kdc.conf has "max_life = 24h 0m 0s", but if I run "kinit -l 24h", I
still get the default 10h expiration time.

I noticed that the principal had been created with a 10h max life, so
I did "modprinc -maxlife '24 hours' ross".  The new lifetime is
reflected in the getprinc output.

Still, kinit only gets me a 10h ticket.  What gives?

I'm using the krb5 packages from Debian, if that makes a difference.
Thanks!

Ross



More information about the Kerberos mailing list