default ticket max_life issue

Vipin Rathor v.rathor at
Wed Mar 7 08:37:47 EST 2007

hi all,
I just configured a MIT1.5 kdc and when I successfully did the kinit
admin/admin, the klist shows the ticket lifetime as 24 hrs. whereas in the
kerberos online doc(,
it's written that default max_life is 10 hrs.
1. Which one is correct for default max_life, 24h or 10h?
2. Is this an expected behavior or some kind of doc-defect/bug?

Here is my kdc.conf:
         TEST = {
             kadmind_port = 749
             max_renewable_life = 7d 0h 0m 0s
             master_key_type = des3-hmac-sha1
             supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal

Here is what klist showing:

# kinit admin/admin
Password for admin/admin at TEST:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin/admin at TEST

Valid starting     Expires            Service principal
03/07/07 08:40:13  03/08/07 08:40:13  krbtgt/TEST at TEST

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

Thanks in advance.

More information about the krbdev mailing list