Issues after switching from file- to LDAP-Backend

Marc Richter mail at marc-richter.info
Mon Feb 23 07:50:01 EST 2015


Hi Greg,

you are right - this seems to be the reason for the failing. Thank you 
very much for pointing me to this! I cannot explain why it did not hit 
me before the change to LDAP BE ... at least it works now. Thank you 
very much for that!

I also got an answer by Mark Pröhl, the author of the mentioned book, 
aside from this list. He pointed me to the Errata of his book, located 
at http://www.kerberos-buch.de/errata.html . These issues are already 
pointed there.

So thanks everybody for noticing.

Best regards,
Marc Richter

Am 19.02.2015 um 16:55 schrieb Greg Hudson:
> On 02/19/2015 10:16 AM, Marc Richter wrote:
>> kinit: Invalid format of Kerberos lifetime or clock skew string while
>> getting initial credentials
>
> I believe that error results from these lines in krb5.conf:
>
>          ticket_lifetime = 10 hours
>          renew_lifetime = 7 days
>
> These should be "10h" and "7d", as documented in:
> http://web.mit.edu/kerberos/krb5-latest/doc/basic/date_format.html#time-duration
>
> This error originates in the client, and should happen consistently
> regardless of whether you are using the DB2 or LDAP KDB modules on the KDC.
>


More information about the Kerberos mailing list