Unable to change lifetime with MIT krb5
vandegrift@gmail.com
vandegrift at gmail.com
Sun Jan 27 22:01:17 EST 2008
Hi everyone,
I have a simple MIT Kerberos config. One KDC/KAS, a handful of
client. I have a principal that I'd like to allow 24h expiration
times on tickets.
My kdc.conf has "max_life = 24h 0m 0s", but if I run "kinit -l 24h", I
still get the default 10h expiration time.
I noticed that the principal had been created with a 10h max life, so
I did "modprinc -maxlife '24 hours' ross". The new lifetime is
reflected in the getprinc output.
Still, kinit only gets me a 10h ticket. What gives?
I'm using the krb5 packages from Debian, if that makes a difference.
Thanks!
Ross
More information about the Kerberos
mailing list