Issues after switching from file- to LDAP-Backend
Marc Richter
mail at marc-richter.info
Mon Feb 23 07:50:01 EST 2015
Hi Greg,
you are right - this seems to be the reason for the failing. Thank you
very much for pointing me to this! I cannot explain why it did not hit
me before the change to LDAP BE ... at least it works now. Thank you
very much for that!
I also got an answer by Mark Pröhl, the author of the mentioned book,
aside from this list. He pointed me to the Errata of his book, located
at http://www.kerberos-buch.de/errata.html . These issues are already
pointed there.
So thanks everybody for noticing.
Best regards,
Marc Richter
Am 19.02.2015 um 16:55 schrieb Greg Hudson:
> On 02/19/2015 10:16 AM, Marc Richter wrote:
>> kinit: Invalid format of Kerberos lifetime or clock skew string while
>> getting initial credentials
>
> I believe that error results from these lines in krb5.conf:
>
> ticket_lifetime = 10 hours
> renew_lifetime = 7 days
>
> These should be "10h" and "7d", as documented in:
> http://web.mit.edu/kerberos/krb5-latest/doc/basic/date_format.html#time-duration
>
> This error originates in the client, and should happen consistently
> regardless of whether you are using the DB2 or LDAP KDB modules on the KDC.
>
More information about the Kerberos
mailing list