Question about how to obtain renewable ticket?
Neng Xue
neng.xue at oracle.com
Mon Apr 13 17:13:31 EDT 2015
Hi,
I am trying to obtain a renewable tgt from KDC via kinit. I have added a
principal in KDC:
kadmin.local: getprinc nexue
Principal: nexue at NEXUE.COM
Expiration date: [never]
Last password change: Sun Apr 12 11:31:41 PDT 2015
Password expiration date: [none]
Maximum ticket life: 0 days 08:00:00
*Maximum renewable life: 7 days 00:00:00*
Last modified: Sun Apr 12 11:31:41 PDT 2015 (root/admin at NEXUE.COM)
Last successful authentication: Mon Apr 13 13:38:40 PDT 2015
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 4
Key: vno 1, aes256-cts-hmac-sha1-96
Key: vno 1, aes128-cts-hmac-sha1-96
Key: vno 1, des3-cbc-sha1
Key: vno 1, arcfour-hmac
MKey: vno 1
Attributes: REQUIRES_PRE_AUTH
Policy: [none]
kadmin.local:
However, when I used 'kinit -r 20m', the klist -f output was:
Valid starting Expires Service principal
04/13/15 14:07:05 04/13/15 22:07:05 krbtgt/NEXUE.COM at NEXUE.COM
* Flags: IA*
There is no renewable flag from the output. And 'kinit -R' also didn't
work because of missing the renewable flag. Do I have to set extra
parameters in kdc.conf and krb5.conf to obtain the renewable ticket?
my *kdc.conf*:
12 max_renewable_life = 7d 0h 0m 0s
13 default_principal_flags = +preauth +*renewable*
my *krb5.conf*:
1 [*libdefaults*]
2 default_realm = NEXUE.COM
3 renewable = true
22 [*appdefaults*]
23 kinit = {
24 renewable = true
25 forwardable = true
26 }
Thanks!
Best
--
Neng Xue
More information about the Kerberos
mailing list