Issues after switching from file- to LDAP-Backend

Greg Hudson ghudson at mit.edu
Thu Feb 19 10:55:31 EST 2015


On 02/19/2015 10:16 AM, Marc Richter wrote:
> kinit: Invalid format of Kerberos lifetime or clock skew string while
> getting initial credentials

I believe that error results from these lines in krb5.conf:

        ticket_lifetime = 10 hours
        renew_lifetime = 7 days

These should be "10h" and "7d", as documented in:
http://web.mit.edu/kerberos/krb5-latest/doc/basic/date_format.html#time-duration

This error originates in the client, and should happen consistently
regardless of whether you are using the DB2 or LDAP KDB modules on the KDC.


More information about the Kerberos mailing list