Query regarding max_life.

P Santoshkumar psantoshkumar at novell.com
Thu Jun 15 12:45:59 EDT 2006 

Hello,

I figured out that max_life cannot be set to 0 as the ticket will not
have any life time. The problem that I' am facing is that I' am not able
to read the max_life value which will be set at the realm because if the
value is not set during the creation of the principal or if the value is
not set in the configuration file then the value is set to 1 day which
means that when I have to add the value from the realm I can only check
with respect to the non-zero value of the max_life and then add from the
realm if any value exists in it. So to solve this problem is it fine to
set the default value in LDAP as that will be the final operation?
Another possible way is to not add any default value during the creation
of the principal and leave it as 0 and when we do a get_principal we can
send the default value instead of 0.

Thanks and Regards,
Santosh.

>>> On Thu, Jun 15, 2006 at  4:47 pm, in message
<44918E49.53B1.00A1.0 at novell.com>,
"P Santoshkumar" <psantoshkumar at novell.com> wrote: 
> Hello,
> 
> In kadm5_get_config_params the value of max_life is set to 1 day if it
> is not present in the file and 0 for max_renewable_life. Is there any
> particular reason that the default value for max_life is not 0 and 1
> day?
> 
> This is extract from the function kadm5_get_config_params.
> 
>     hierarchy[2] = "max_life";
>     if (params_in- >mask & KADM5_CONFIG_MAX_LIFE) {
>          params.mask |= KADM5_CONFIG_MAX_LIFE;
>          params.max_life = params_in- >max_life;
>     } else if (aprofile &&
>                !krb5_aprof_get_deltat(aprofile, hierarchy, TRUE,
> &dtvalue)) {
>          params.max_life = dtvalue;
>          params.mask |= KADM5_CONFIG_MAX_LIFE;
>     } else {
>          params.max_life = 24 * 60 * 60; /* 1 day */
>          params.mask |= KADM5_CONFIG_MAX_LIFE;
>     }
> 
>     /* Get the value for maximum renewable ticket lifetime. */
>     hierarchy[2] = "max_renewable_life";
>     if (params_in- >mask & KADM5_CONFIG_MAX_RLIFE) {
>          params.mask |= KADM5_CONFIG_MAX_RLIFE;
>          params.max_rlife = params_in- >max_rlife;
>     } else if (aprofile &&
>                !krb5_aprof_get_deltat(aprofile, hierarchy, TRUE,
> &dtvalue)) {
>          params.max_rlife = dtvalue;
>          params.mask |= KADM5_CONFIG_MAX_RLIFE;
>     } else {
>          params.max_rlife = 0;
>          params.mask |= KADM5_CONFIG_MAX_RLIFE;
>     }
> 
> 
> Thanks and Regards,
> Santosh.
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev

More information about the krbdev mailing list