Issues after switching from file- to LDAP-Backend
Greg Hudson
ghudson at mit.edu
Thu Feb 19 10:55:31 EST 2015
On 02/19/2015 10:16 AM, Marc Richter wrote:
> kinit: Invalid format of Kerberos lifetime or clock skew string while
> getting initial credentials
I believe that error results from these lines in krb5.conf:
ticket_lifetime = 10 hours
renew_lifetime = 7 days
These should be "10h" and "7d", as documented in:
http://web.mit.edu/kerberos/krb5-latest/doc/basic/date_format.html#time-duration
This error originates in the client, and should happen consistently
regardless of whether you are using the DB2 or LDAP KDB modules on the KDC.
More information about the Kerberos
mailing list