[30465] in Kerberos
Setting initial key lifetime?
daemon@ATHENA.MIT.EDU (Michael B. Trausch)
Thu Nov 20 14:52:27 2008
From: "Michael B. Trausch" <mike@trausch.us>
Date: Thu, 20 Nov 2008 10:42:10 -0500
Message-ID: <20081120104210.17fd7f8f@zest.spicerack.trausch.us>
Mime-Version: 1.0
X-Complaints-To: Please send complaints to abuse@motzarella.org with full
headers
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello,
I'm using MIT Kerberos and trying to figure out how to make tickets
have a more reasonable default lifetime. So far, I have tried
editing /etc/krb5.conf on both the client and the server, however, I
still get a TGT which lasts only 10 hours. I'd like the ticket to be
issued for 7 days, and be renewable for up to 21 days. Is there a way
to do this?
Also, is there a way to detect when the ticket is no longer renewable
and prompt the user to logout, perhaps? My setup is Kerberos tied into
PAM, using LDAP for user information, and NFSv4 for home directories,
and it's all Ubuntu (Intrepid, if that helps).
--- Mike
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
