[36895] in Kerberos
Re: Question about how to obtain renewable ticket?
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Apr 13 17:31:04 2015
Message-ID: <552C3586.5050306@mit.edu>
Date: Mon, 13 Apr 2015 17:30:46 -0400
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: Neng Xue <neng.xue@oracle.com>, kerberos@mit.edu
In-Reply-To: <552C317B.3030506@oracle.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 04/13/2015 05:13 PM, Neng Xue wrote:
> However, when I used 'kinit -r 20m', the klist -f output was:
The KDC won't issue a renewable ticket if you request a lifetime greater
than the renewable lifetime. You could try "kinit -l 10m -r 20m", or
"kinit -r 2d" or something.
Also make sure that krbtgt/NEXUE.COM has a max renewable lifetime; the
KDC checks both the client and server principal entries.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
