[36894] in Kerberos

Question about how to obtain renewable ticket?

daemon@ATHENA.MIT.EDU (Neng Xue)
Mon Apr 13 17:14:00 2015

Message-ID: <552C317B.3030506@oracle.com>
Date: Mon, 13 Apr 2015 14:13:31 -0700
From: Neng Xue <neng.xue@oracle.com>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hi,

I am trying to obtain a renewable TGT from the KDC via kinit. I have added a 
principal in the KDC:

kadmin.local:  getprinc nexue
Principal: nexue@NEXUE.COM
Expiration date: [never]
Last password change: Sun Apr 12 11:31:41 PDT 2015
Password expiration date: [none]
Maximum ticket life: 0 days 08:00:00
*Maximum renewable life: 7 days 00:00:00*
Last modified: Sun Apr 12 11:31:41 PDT 2015 (root/admin@NEXUE.COM)
Last successful authentication: Mon Apr 13 13:38:40 PDT 2015
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 4
Key: vno 1, aes256-cts-hmac-sha1-96
Key: vno 1, aes128-cts-hmac-sha1-96
Key: vno 1, des3-cbc-sha1
Key: vno 1, arcfour-hmac
MKey: vno 1
Attributes: REQUIRES_PRE_AUTH
Policy: [none]
kadmin.local:

However, when I used 'kinit -r 20m', the klist -f output was:

Valid starting     Expires            Service principal
04/13/15 14:07:05  04/13/15 22:07:05  krbtgt/NEXUE.COM@NEXUE.COM
*        Flags: IA*

There is no renewable flag in the output, and 'kinit -R' also didn't 
work because the renewable flag is missing. Do I have to set extra 
parameters in kdc.conf and krb5.conf to obtain the renewable ticket?

My *kdc.conf*:

                max_renewable_life = 7d 0h 0m 0s
                default_principal_flags = +preauth +renewable

My *krb5.conf*:

[libdefaults]
        default_realm = NEXUE.COM
        renewable = true

[appdefaults]
        kinit = {
                renewable = true
                forwardable = true
        }

Thanks!

Best

-- 
Neng Xue

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
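
Added example, not part of the original message: MIT's KDC limits a TGT's renewable lifetime to the smallest of the requested value, the realm's max_renewable_life, and the "Maximum renewable life" of both the client principal and the krbtgt principal, so the krbtgt entry is worth checking alongside the client's. The sketch below compares those limits from getprinc output; the EXAMPLE.TEST principals and the zero krbtgt value are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch; all sample input below is constructed.

# Read `kadmin.local -q "getprinc NAME"` output on stdin and print the
# principal's "Maximum renewable life" in seconds.
max_renew_secs() {
    awk -F': ' '/^Maximum renewable life:/ {
        split($2, f, /[ :]/)   # "7 days 00:00:00" -> 7, days, 00, 00, 00
        print f[1] * 86400 + f[3] * 3600 + f[4] * 60 + f[5]
        found = 1
        exit
    }
    END { if (!found) exit 1 }'
}

# Print the smallest of the limits (seconds) given as arguments.
smallest() {
    min=$1
    for v in "$@"; do
        if [ "$v" -lt "$min" ]; then min=$v; fi
    done
    echo "$min"
}

# Succeed if `klist -f` output on stdin carries the R (renewable) flag.
has_renewable_flag() {
    grep -Eq '^[[:space:]]*Flags:.*R'
}

# Constructed getprinc excerpts. The krbtgt value of zero is hypothetical:
# the message above shows getprinc only for the client principal.
SAMPLE_CLIENT='Principal: user@EXAMPLE.TEST
Maximum renewable life: 7 days 00:00:00'
SAMPLE_KRBTGT='Principal: krbtgt/EXAMPLE.TEST@EXAMPLE.TEST
Maximum renewable life: 0 days 00:00:00'

requested=1200      # kinit -r 20m
realm_max=604800    # max_renewable_life = 7d in kdc.conf
client=$(printf '%s\n' "$SAMPLE_CLIENT" | max_renew_secs)
krbtgt=$(printf '%s\n' "$SAMPLE_KRBTGT" | max_renew_secs)
cap=$(smallest "$requested" "$realm_max" "$client" "$krbtgt")

echo "effective renewable limit: ${cap}s"
[ "$cap" -gt 0 ] || echo "a limit of zero yields a ticket without the R flag"
```

Against a live realm, feed the functions the output of `kadmin.local -q "getprinc NAME"` for both principals and of `klist -f` in place of the constructed samples.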
