max_life problem

[Greg Hudson]

On 08/01/2016 04:29 AM, Александр Баранин wrote:
> I use mit kerberos, version krb5-1.14.2, compiled from source.
> And I can't to force kdc to issue tickets for more than 10 hours.

In addition to the realm setting, the client and server entries in the
KDC database can also have a max_life value.  Using "getprinc" in
kadmin, look at the "Maximum ticket life" on the user principal and on
krbtgt/ALFA.IT.  Are either of them ten hours?  If so, you can change
them with "modprinc -maxlife".