max_life problem
Benjamin Kaduk
kaduk at MIT.EDU
Tue Aug 2 15:56:55 EDT 2016

On Mon, 1 Aug 2016, Greg Hudson wrote:
> On 08/01/2016 04:29 AM, Александр Баранин wrote:
> > I use mit kerberos, version krb5-1.14.2, compiled from source.
> > And I can't force the kdc to issue tickets for more than 10 hours.
>
> In addition to the realm setting, the client and server entries in the
> KDC database can also have a max_life value. Using "getprinc" in
> kadmin, look at the "Maximum ticket life" on the user principal and on
> krbtgt/ALFA.IT. Are either of them ten hours? If so, you can change
> them with "modprinc -maxlife".

(It looks like this is on a Debian system, so I'll note that the Debian
krb5-kdc package will create a kdc.conf that has max_life 10 hours on
first installation. So, principals created when such a kdc.conf was in
place would be affected by it.)

-Ben
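
The check described in this thread, as an added example that is not part of the original messages: the KDC will not issue a ticket longer than the smallest of the realm max_life, the client principal's "Maximum ticket life" and the krbtgt principal's "Maximum ticket life", so this script parses getprinc output and reports which limit is the binding one. The getprinc excerpts, the principal name alice@ALFA.IT, the 7-day realm value and all function names are constructed for illustration.

```python
import re

# Duration format as printed by kadmin getprinc, e.g. "0 days 10:00:00".
DURATION = re.compile(r"(\d+) days? (\d+):(\d{2}):(\d{2})")

# Constructed getprinc excerpts (not taken from the thread).
CLIENT_GETPRINC = """Principal: alice@ALFA.IT
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
"""
KRBTGT_GETPRINC = """Principal: krbtgt/ALFA.IT@ALFA.IT
Maximum ticket life: 1 day 00:00:00
Maximum renewable life: 7 days 00:00:00
"""
REALM_MAX_LIFE = 7 * 86400  # assumed kdc.conf realm max_life, in seconds


def parse_duration(text):
    """Convert 'N day(s) HH:MM:SS' to seconds."""
    m = DURATION.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised duration: {text!r}")
    days, hours, minutes, seconds = map(int, m.groups())
    return days * 86400 + hours * 3600 + minutes * 60 + seconds


def max_ticket_life(getprinc_output):
    """Return the 'Maximum ticket life' field of one principal, in seconds."""
    for line in getprinc_output.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "Maximum ticket life":
            return parse_duration(value)
    raise ValueError("no 'Maximum ticket life' line found")


def limiting_factor(realm_max_life, client_output, krbtgt_output):
    """Return (cap in seconds, names of the limits equal to that cap)."""
    limits = {
        "realm max_life": realm_max_life,
        "client principal": max_ticket_life(client_output),
        "krbtgt principal": max_ticket_life(krbtgt_output),
    }
    cap = min(limits.values())
    return cap, sorted(name for name, v in limits.items() if v == cap)


if __name__ == "__main__":
    cap, names = limiting_factor(REALM_MAX_LIFE, CLIENT_GETPRINC, KRBTGT_GETPRINC)
    print(f"tickets capped at {cap / 3600:g} hours by: {', '.join(names)}")
```

Raising the realm setting alone changes nothing while a principal entry still carries the lower value; each limit reported as binding has to be raised (for principals, with "modprinc -maxlife").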