Possible enhancement request for extra krb5.conf parameter support for kinit

Jeffrey Altman jaltman at secure-endpoints.com
Thu May 14 10:35:58 EDT 2015

On 5/13/2015 5:14 PM, Neng Xue wrote:
> As far as I can tell from Solaris kerberos, if there is no renewable 
> lifetime specified from kinit command line. It will then take the 
> maximum renewable lifetime (7 days by default).

From a usability and configuration perspective if the krb5.conf does not
specify [libdefault] ticket and renew lifetimes,then the client library
should not impose a limit and should request the maximum value.  The
ticket lifetime and the renew lifetime should be selected by the KDC
based upon the configured parameters for the client principal, krbtgt
principal or other service principal.

Jeffrey Altman

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4589 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20150514/9b58166c/attachment.bin

More information about the krbdev mailing list