[28956] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: kerberos ticket lifetime in Heimdal

daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue Jan 1 23:30:36 2008

To: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
In-Reply-To: <flf0ln$glr$1@relay.tomsk.ru> (Victor Sudakov's message of "Wed\,
	2 Jan 2008 03\:33\:11 +0000 \(UTC\)")
From: Russ Allbery <rra@stanford.edu>
Date: Tue, 01 Jan 2008 20:29:44 -0800
Message-ID: <87fxxgj1dz.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su> writes:

> Running "kinit -l3d" or setting ticket_lifetime in krb5.conf results
> in TGT's lifetime being 3 days, however all service tickets' lifetime
> is still 1 day, like this:
>
>   Issued           Expires          Principal
> Jan  2 09:27:44  Jan  5 09:27:44  krbtgt/SIBPTUS.TOMSK.RU@SIBPTUS.TOMSK.RU
> Jan  2 09:27:47  Jan  3 09:27:47  host/big.sibptus.tomsk.ru@SIBPTUS.TOMSK.RU
>
> How can I configure Kerberos so that all service tickets also get a
> lifetime of 3 days?

You probably need to change the maximum ticket lifetime for all of those
principals in the KDC.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[28956] in Kerberos

Re: kerberos ticket lifetime in Heimdal

daemon@ATHENA.MIT.EDU (Russ Allbery)Tue Jan 1 23:30:36 2008

daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue Jan 1 23:30:36 2008