dont work lifetime options
Sergey S. Belonin
srzrt at yandex.ru
Thu Aug 29 07:36:12 EDT 2013
Good day, lease help in situation
- after install and configure MIT kerberos as server (from Scientific
Linux 6x64bit distribut), PAM auth client for ~10 hosts, NFS4 auth it
work properly, but life time for tickes no more 1 day. So, this very
little value
for resolve this problem
- i read some documentation in inet and from oficial site in part
intialization variable in krb5.conf, kdc.conf, kadm5.acl and time
format string
- after that i set to long value 10 and 30 days in variable
-- max_lifetime and max_renewable_life in file kdc.conf on Kerberos
server host,
-- ticket_lifetime and renew_lifetime in file krb5.conf on Kerberos
server and client host,
-- for record *... in file kadm5.acl add options -maxlife 30d
-maxrenewlife 30d -expire 30d
-- modify test_principal with options -maxlife "10 days" -maxrenewlife
"30 days"
after that restart Kerberos server and client host.Result - null
call any variants -
kdestroy; kinit test_principal; klist
kdestroy; kinit -l 10d -r 30d test_principal; klist
kdestroy; kinit -l 10d test_principal; klist
and in all cases klist say - expired after +1day, renew until "call
date". !! No 10, no 30 days !!
If call kinit -R - have a message "kinit: Ticket expired while renewing
credentials"
please help configure lifetime > 10days and enable renewal finctional
Sergey
More information about the Kerberos
mailing list