[24164] in Kerberos
Re: Default ticket lifetime
daemon@ATHENA.MIT.EDU (Russ Allbery)
Wed Jun 29 00:37:24 2005
To: kerberos@mit.edu
In-Reply-To: <20050629042921.GG19748@dbz.icequake.net> (Ryan Underwood's
message of "Tue, 28 Jun 2005 23:29:21 -0500")
From: Russ Allbery <rra@stanford.edu>
Date: Tue, 28 Jun 2005 21:36:42 -0700
Message-ID: <87y88t4w4l.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Errors-To: kerberos-bounces@mit.edu
Ryan Underwood <nemesis-lists@icequake.net> writes:
> From the Changelog, it looks like this was disabled sometime in 1996 and
> never revisited. But this is what I was referring to in my original
> post. Was this a bad idea for some reason?
It looks more like an effort was made to add it, but never really
finished.
Anyway, that's libdefaults. Looking at the source of kinit for 1.4, it
sure looks like my original message was *supposed* to be right:
#define KINIT_DEFAULT_LIFE "default_lifetime"
[...]
/* Lifetime */
default_list[KINIT_LIFETM_INDEX].option = KINIT_DEFAULT_LIFE ;
default_list[KINIT_LIFETM_INDEX].default_value = "10hrs" ;
default_list[KINIT_LIFETM_INDEX].parse_function = krb5_string_to_deltat ;
default_list[KINIT_LIFETM_INDEX].store =(void *) &(opts->lifetime);
[...]
if ( k5->me != NULL ) {
rcode = krb5_appdefault_read(k5->ctx,progname,
krb5_princ_realm(k5->ctx,k5->me),
default_list,KINIT_DEFAULT_COUNT);
} else {
rcode = krb5_appdefault_read(k5->ctx,progname,
NULL,
default_list,KINIT_DEFAULT_COUNT);
}
That would be default_lifetime in [appdefaults]. Are you sure that you
have the time specification syntax right?
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
