Possible enhancement request for extra krb5.conf parameter support for kinit
Nico Williams
nico at cryptonector.com
Thu May 14 11:22:39 EDT 2015
On Thu, May 14, 2015 at 10:35:58AM -0400, Jeffrey Altman wrote:
> On 5/13/2015 5:14 PM, Neng Xue wrote:
> > As far as I can tell from Solaris kerberos, if there is no renewable
> > lifetime specified from kinit command line. It will then take the
> > maximum renewable lifetime (7 days by default).
>
> From a usability and configuration perspective if the krb5.conf does not
> specify [libdefault] ticket and renew lifetimes,then the client library
> should not impose a limit and should request the maximum value. The
> ticket lifetime and the renew lifetime should be selected by the KDC
> based upon the configured parameters for the client principal, krbtgt
> principal or other service principal.
+1
More information about the krbdev
mailing list