[37600] in Kerberos
Re: max_life problem
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Aug 1 11:21:03 2016
To: =?UTF-8?B?0JDQu9C10LrRgdCw0L3QtNGAINCR0LDRgNCw0L3QuNC9?=
<avbaranin@gmail.com>,
kerberos@mit.edu
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <579F68C8.1070000@mit.edu>
Date: Mon, 1 Aug 2016 11:20:40 -0400
MIME-Version: 1.0
In-Reply-To: <CACjhFAm1ZZNOS+h-K_Hfcb-qxpAvmHx-TNPvcveF+sEv83tfOg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On 08/01/2016 04:29 AM, Александр Баранин wrote:
> I use mit kerberos, version krb5-1.14.2, compiled from source.
> And I can't to force kdc to issue tickets for more than 10 hours.
In addition to the realm setting, the client and server entries in the
KDC database can also have a max_life value. Using "getprinc" in
kadmin, look at the "Maximum ticket life" on the user principal and on
krbtgt/ALFA.IT. Are either of them ten hours? If so, you can change
them with "modprinc -maxlife".
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos