onsdag den 8 augusti 2012 klockan 15:18 skrev Simon Josefsson detta: > All, > > I have setup a Shishi KDC for interop purposes on interop.josefsson.org. > The server is running Ubuntu 12.04 with Shishi installed from packages.
There is one issue with ticket life times in the present setup. An outdated OpenSolaris, as well as a contemporary OpenIndiana, are both receiving TGT:s of almost infinite validity when requested by kinit(1) without specifying a desired life time at the command line. In fact, the ticket is valid until 2037-12-31, at 00:00. Using instead "kinit -l 2h" provides the bounded, and correct expiry time. The interpretation is that libshishi must initialize a sane default, even if the administrator does not ask for this explicitly. It seems as if the other MIT derived implementations, and those based on Heimdal, are by themselves imposing a reasonable time limit already in kinit(1), just as shishi(1) does itself. I do not think that Shishi should rely on this, but should instead improve in the sense of setting a finite interval as default initialization. Also, probably the authorization value of the TELNET server should be raised to "-avalid". Best regards, Mats Erik Andersson _______________________________________________ Help-shishi mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-shishi
