Hi. Running rh7.3, krb5-1.2.4-11 rpms.
I cannot get the kerberos maxlifetime to work.
In /etc/krb5.conf:
[libdefaults] ticket_lifetime = 2592000
[appdefaults]
pam = {
debug = true
ticket_lifetime = 2592000
renew_lifetime = 2592000I have also messed with the lifetime of the principals:
kadmin.local: getprinc bozo
Principal: [EMAIL PROTECTED]
Expiration date: Wed Dec 30 19:00:00 EST 2037
Last password change: [never]
Password expiration date: [none]
Maximum ticket life: 30 days 00:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Thu Jun 03 17:59:15 EDT 2004 (root/[EMAIL PROTECTED])
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 0, DES cbc mode with CRC-32, AFS version 3
Attributes:
Policy: [none]
kadmin.local: getprinc krbtgt/CCMR.CORNELL.EDU
Principal: krbtgt/[EMAIL PROTECTED]
Expiration date: [never]
Last password change: [never]
Password expiration date: [none]
Maximum ticket life: 30 days 00:00:00
Maximum renewable life: 30 days 00:00:00
Last modified: Thu Jun 03 17:12:48 EDT 2004 (root/[EMAIL PROTECTED])
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 4
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 1, DES cbc mode with CRC-32, no salt
Key: vno 1, DES cbc mode with RSA-MD4, no salt
Key: vno 1, DES cbc mode with RSA-MD5, no salt
Attributes:
Policy: [none]
so, let's try a kinit: bee:~> kinit -l5days Password for [EMAIL PROTECTED]: bee:~> klist Ticket cache: FILE:/tmp/krb5cc_252_NXXrfV Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
06/03/04 18:00:01 06/04/04 18:00:01 krbtgt/[EMAIL PROTECTED]
Kerberos 4 ticket cache: /tmp/tkt252_epz0nn klist: You have no tickets cached
as you can see, my kerberos ticket is not good for 5 days.
Is there some setting I am missing someplace? Is something just broken?
Thanks!
ps just for kicks, tried it over on Fedora Core 1 with krb5-1.3.2 ... still not working right.
-- ******************************** David William Botsch Consultant/Advisor II CCMR Computing Facility [EMAIL PROTECTED] ******************************** ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
