Unable to change Kerberos Ticket Life and Renewal Life
Gaurav Dasgupta
gdsayshi at gmail.com
Thu Apr 18 02:45:06 EDT 2013
Hi All,
I have MIT Kerberos setup in a CentOS 6 cluster. Everything is working fine
except one thing. I want to change the default ticket life for all the
principals and their renewal time also. For that I have first changed the *
/etc/krb5.conf* to change the value of *ticket_lifetime = 7d* and
*renew_lifetime
= 30d*.
Then I restarted the *krb5kdc* and *kadmin* services. Then, from the *
Kadmin.local* shell, I used the following commands:
modprinc -maxrenewlife 7day krbtgt/MY_REALM
modprinc -maxrenewlife 7day +allow_renewable gaurav
*Note*: *krbtgt/MY_REALM* is the default service principal and *gaurav* is
a user principal.
Now, when I am doing *kinit* for *gaurav*, and then *klist* to check the
ticket details, I cannot see the new ticket_lifetime and renew_lifetime
reflected. Its showing the old (default) values of 24h (ticket_lifetime)
and 7d (renew_lifetime).
I have also tried the command: *kinit -l 7d*. But this is also not working.
Can someone tell me that how else I can change the ticket_lifetime and
renew_lifetime for all the principals?
Thanks,
Gaurav
More information about the Kerberos
mailing list