[36811] in Kerberos
Re: Issues after switching from file- to LDAP-Backend
daemon@ATHENA.MIT.EDU (Marc Richter)
Mon Feb 23 07:50:24 2015
Message-ID: <54EB21F9.1030204@marc-richter.info>
Date: Mon, 23 Feb 2015 13:50:01 +0100
From: Marc Richter <mail@marc-richter.info>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <54E60773.6040805@mit.edu>
Content-Type: text/plain; charset="windows-1252"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hi Greg,
you are right - this seems to be the reason for the failing. Thank you
very much for pointing me to this! I cannot explain why it did not hit
me before the change to LDAP BE ... at least it works now. Thank you
very much for that!
I also got an answer by Mark Pröhl, the author of the mentioned book,
aside from this list. He pointed me to the Errata of his book, located
at http://www.kerberos-buch.de/errata.html . These issues are already
pointed there.
So thanks everybody for noticing.
Best regards,
Marc Richter
Am 19.02.2015 um 16:55 schrieb Greg Hudson:
> On 02/19/2015 10:16 AM, Marc Richter wrote:
>> kinit: Invalid format of Kerberos lifetime or clock skew string while
>> getting initial credentials
>
> I believe that error results from these lines in krb5.conf:
>
> ticket_lifetime = 10 hours
> renew_lifetime = 7 days
>
> These should be "10h" and "7d", as documented in:
> http://web.mit.edu/kerberos/krb5-latest/doc/basic/date_format.html#time-duration
>
> This error originates in the client, and should happen consistently
> regardless of whether you are using the DB2 or LDAP KDB modules on the KDC.
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos