Unable to change Kerberos Ticket Life and Renewal Life

rohit sarewar rohitsarewar at gmail.com
Thu Apr 18 04:34:37 EDT 2013


Hi Tiago

As an Administrator , how can I renew all principals using a command.
There are large number of principals in my case.

Regards
Rohit Sarewar

On Thu, Apr 18, 2013 at 1:53 PM, Tiago Elvas <tiagoelvas at gmail.com> wrote:

> Hi Gaurav,
>
> I have received great help from this mailing list for the same issue.
> I think you'll find useful information in this topic:
>
> http://serverfault.com/questions/132123/how-to-change-the-kerberos-default-ticket-lifetime
>
> Best regards,
>
> Tiago
>
>
> On Thu, Apr 18, 2013 at 8:45 AM, Gaurav Dasgupta <gdsayshi at gmail.com>
> wrote:
>
> > Hi All,
> >
> > I have MIT Kerberos setup in a CentOS 6 cluster. Everything is working
> fine
> > except one thing. I want to change the default ticket life for all the
> > principals and their renewal time also. For that I have first changed
> the *
> > /etc/krb5.conf* to change the value of *ticket_lifetime = 7d* and
> > *renew_lifetime
> > = 30d*.
> >
> > Then I restarted the *krb5kdc* and *kadmin* services. Then, from the *
> > Kadmin.local* shell, I used the following commands:
> >
> > modprinc -maxrenewlife 7day krbtgt/MY_REALM
> > modprinc -maxrenewlife 7day +allow_renewable gaurav
> >
> > *Note*: *krbtgt/MY_REALM* is the default service principal and *gaurav*
> is
> > a user principal.
> >
> > Now, when I am doing *kinit* for *gaurav*, and then *klist* to check the
> > ticket details, I cannot see the new ticket_lifetime and renew_lifetime
> > reflected. Its showing the old (default) values of 24h (ticket_lifetime)
> > and 7d (renew_lifetime).
> >
> > I have also tried the command: *kinit -l 7d*. But this is also not
> working.
> >
> > Can someone tell me that how else I can change the ticket_lifetime and
> > renew_lifetime for all the principals?
> >
> > Thanks,
> > Gaurav
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>


More information about the Kerberos mailing list