[28957] in Kerberos
Re: kerberos ticket lifetime in Heimdal
daemon@ATHENA.MIT.EDU (Victor Sudakov)
Wed Jan 2 02:00:10 2008
From: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
Date: Wed, 2 Jan 2008 06:31:08 +0000 (UTC)
Message-ID: <flfb3c$kp6$1@relay.tomsk.ru>
X-Complaints-To: noc@sibptus.tomsk.ru
X-Comment-To: Russ Allbery <rra@stanford.edu>
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Russ Allbery wrote:
> > Running "kinit -l3d" or setting ticket_lifetime in krb5.conf results
> > in TGT's lifetime being 3 days, however all service tickets' lifetime
> > is still 1 day, like this:
> >
> > Issued Expires Principal
> > Jan 2 09:27:44 Jan 5 09:27:44 krbtgt/SIBPTUS.TOMSK.RU@SIBPTUS.TOMSK.RU
> > Jan 2 09:27:47 Jan 3 09:27:47 host/big.sibptus.tomsk.ru@SIBPTUS.TOMSK.RU
> >
> > How can I configure Kerberos so that all service tickets also get a
> > lifetime of 3 days?
> You probably need to change the maximum ticket lifetime for all of those
> principals in the KDC.
Thank you, it worked.
Is there a way to set the default maximum ticket lifetime for all
newly created principals?
I usually create new host principals by running "ktutil get" on the
host itself.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
