[28737] in Kerberos


How to set Kerberos 5 ticket lifetime

daemon@ATHENA.MIT.EDU (Ido Levy)
Thu Nov 15 08:40:03 2007

To: kerberos@mit.edu
Message-ID: <OF18A825A8.8CD5CC1C-ONC2257394.0049BA24-C2257394.004AA1F6@il.ibm.com>
From: Ido Levy <IDOL@il.ibm.com>
Date: Thu, 15 Nov 2007 15:39:14 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu


Hello,

I would appreciate your advice on the best way to set the default
Kerberos 5 ticket lifetime
and on what configuration is necessary on the server and the client side.

I tried the following configuration but it didn't seem to work:

Server Side

1) The file kdc.conf -

      I set "max_life = 168h 0m 0s" under the [realms] section.

2) I have also modified the principal and set its maxlife option as follows

            > kadmin.local
            Attempting to bind to one or more LDAP servers. This may take a while...
            kadmin.local:  modify_principal -maxlife 168hours test@REALM
            Principal "test@REALM" modified.
            kadmin.local:  getprinc test@REALM
            Principal: test@REALM
            Expiration date: [never]
            Last password change:  Thu Nov 15 13:53:50 IST 2007
            Password expiration date: Wed Feb 13 13:53:50 IST 2008
            Maximum ticket life: 7 days 00:00:00
            Maximum renewable life: 7 days 00:00:00
            Last modified: Thu Nov 15 15:32:10 IST 2007
            Last successful authentication: [never]
            Last failed authentication: [never]
            Failed password attempts: 0
            Number of keys: 4
            Key: vno 4, Triple DES cbc mode with HMAC/sha1, no salt
            Key: vno 4, ArcFour with HMAC/md5, no salt
            Key: vno 4, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
            Key: vno 4, DES cbc mode with RSA-MD5, no salt

            Attributes:
                   REQUIRES_PRE_AUTH
            Policy: default

Linux Client Side:

No special configuration here


Thank you in advance,

Ido Levy
IBM R&D Labs in Israel

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
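
An added example, not part of the original message: the KDC issues an initial ticket no longer than the smallest of the requested lifetime, the client principal's maxlife, the krbtgt principal's maxlife and the realm's max_life, so raising only two of them can leave the result unchanged. The krbtgt/REALM and client-request values below are constructed for illustration; the other two are taken from the post.

```python
import re

UNIT_SECONDS = {"d": 86400, "h": 3600, "m": 60, "s": 1}

def parse_duration(text):
    """Return seconds for the duration spellings seen in the post:
    '168h 0m 0s' (kdc.conf), '168hours' (kadmin -maxlife) and
    '7 days 00:00:00' (getprinc output)."""
    text = text.strip().lower()
    m = re.fullmatch(r"(?:(\d+)\s*days?\s+)?(\d+):(\d\d):(\d\d)", text)
    if m:
        d, h, mi, s = (int(g or 0) for g in m.groups())
        return d * 86400 + h * 3600 + mi * 60 + s
    token = r"(\d+)\s*([a-z]+)"
    parts = re.findall(token, text)
    # Reject input with anything left over besides number+unit tokens.
    if not parts or re.sub(token + r"|\s", "", text):
        raise ValueError(f"unrecognized duration: {text!r}")
    total = 0
    for number, unit in parts:
        # Units are matched on their first letter: d(ays), h(ours), m(in), s(ec).
        if unit[0] not in UNIT_SECONDS:
            raise ValueError(f"unknown unit in {text!r}")
        total += int(number) * UNIT_SECONDS[unit[0]]
    return total

def effective_lifetime(limits):
    """limits maps a setting name to a duration string.
    Return (seconds, name of the setting that caps the ticket)."""
    name = min(limits, key=lambda k: parse_duration(limits[k]))
    return parse_duration(limits[name]), name

LIMITS = {
    "kdc.conf [realms] max_life": "168h 0m 0s",    # from the post
    "test@REALM maxlife": "7 days 00:00:00",       # from the post
    "krbtgt/REALM maxlife": "1 day 00:00:00",      # constructed value
    "client request (kinit -l or ticket_lifetime)": "24h",  # constructed value
}

if __name__ == "__main__":
    seconds, cap = effective_lifetime(LIMITS)
    print(f"effective lifetime: {seconds // 3600}h, capped by {cap}")
    for name, value in LIMITS.items():
        print(f"  {name}: {parse_duration(value) // 3600}h")
```

With these sample values the ticket stays at 24 hours even though both settings changed in the post allow 7 days; comparing the result against the end time shown by `klist` identifies which limit still needs raising.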
