Max renewable lifetime issues
Benjamin Kaduk
kaduk at MIT.EDU
Wed Mar 13 14:44:51 EDT 2013
On Wed, 13 Mar 2013, Tiago Elvas wrote:
> Hi all,
>
> I am having a problem in my system which I do not understand why it's
> happening.
> Firstly, I have a KDC running on a RedHat 5.7 machine. I have the parameter
> maximum_renewable_life as 5000days in kdc.conf and krb5.conf. For each user
> I have added, I also configured as 5000days max_renewable_life.
> However, I am experiencing two different situations:
>
> 1. In Linux clients, I only have 1000days as max_renewable_life.
> 2. In windows clients (kerberos for windows), I am getting only 30
> days..!?
In the KfW 4.0 series, the Ticket Manager's "Get Ticket" dialog box has a
slider for both ticket lifetime and ticket renewable lifetime; the default
maximum renewable lifetime for this slider is 30 days. This is purely an
artifact of the GUI application; the kinit.exe utility does not have such
a limitation.
The bounds of the sliders can be changed by setting registry keys
{HKCU,HKLM}\Software\MIT\Leash\{renew,life}_{min,max} of type DWORD. The
value is measured in minutes.
-Ben Kaduk
More information about the Kerberos
mailing list