[11652] in Kerberos-V5-bugs
[krbdev.mit.edu #6759] problem with renewing ticket. valid starting
daemon@ATHENA.MIT.EDU (Антон via RT)
Fri Aug 20 15:17:17 2010
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Антон via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6759@krbdev.mit.edu>
Message-ID: <rt-6759-33076.5.37212422591672@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6759'":;"'AdminCc of krbdev.mit.edu Ticket #6759'":;@MIT.EDU
Date: Fri, 20 Aug 2010 15:17:14 -0400 (EDT)
Reply-To: rt-comment@krbdev.MIT.EDU
I have a krb5 KDC server with an LDAP backend.
When I try to renew a ticket I get:
$ kinit -R
kinit(v5): Ticket expired while renewing credentials
$ kinit -r 7d -l 2d
Password for f_anton@DOMAIN.MY:
$ klist -f
Ticket cache: FILE:/tmp/krb5cc_1013_s1kvrE
Default principal: f_anton@DOMAIN.MY
Valid starting Expires Service principal
*08/20/10 19:54:27* 08/21/10 19:54:27 krbtgt/DOMAIN.MY@DOMAIN.MY
renew until *08/20/10 19:54:27*, Flags: RI
Valid starting = renew until.
In kadmin.local:
kadmin.local: getprinc f_anton
[..]
Maximum ticket life: 2 days 00:00:00
Maximum renewable life: 28 days 00:00:00
[..]
Attributes:
Policy: default
kadmin.local: getpol default
Policy: default
Maximum password life: 157766400
Minimum password life: 86400
Minimum password length: 6
Minimum number of password character classes: 2
Number of old keys kept: 3
Reference count: 2
==========
kdc.conf:
[realms]
    DOMAIN.MY = {
        master_key_type = des-cbc-crc
        supported_enctypes = rc4-hmac:normal des-cbc-crc:normal des3-cbc-raw:normal des3-cbc-sha1:normal des-cbc-crc:afs3
        max_renewable_life = 7d 0h 0m 0s
        max_life = 2d 0h 0m 0s
        default_principal_flags = +renewable
        krbMaxTicketLife = 172800
        krbMaxRenewableAge = 604800
    }
==========
krb5.conf:
[libdefaults]
    default_realm = DOMAIN.MY
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ticket_lifetime = 2d
    renew_lifetime = 7d
[dbdefaults]
    ldap_kerberos_container_dn = "cn=kerberos,ou=kdcroot,dc=domain,dc=my"
[dbmodules]
    domain.my = {
        db_library = kldap
        ldap_kdc_dn = cn=kdc,ou=kdcroot,dc=domain,dc=my
        ldap_kadmind_dn = cn=kadmin,ou=kdcroot,dc=domain,dc=my
        ldap_service_password_file = /var/lib/kerberos/krb5kdc/domain.my.ldapkey
        ldap_servers = ldap://localhost/
        ldap_conns_per_server = 15
    }
[realms]
    DOMAIN.MY = {
        database_module = domain.my
        admin_server = server6.domain.my
        default_domain = domain.my
        kdc = server7.domain.my
        kdc = server6.domain.my
        krbMaxTicketLife = 172800
        krbMaxRenewableAge = 604800
    }
=============
# rpm -qa '*krb*'
libkrb5-1.6.3-alt9
libkrb5-devel-1.6.3-alt9
krb5-ticket-watcher-1.0.2-alt3
krb5-kinit-1.6.3-alt9
krb5-kadmin-1.6.3-alt9
krb5-server-1.6.3-alt9
krb5-services-1.6.3-alt9
krb5-kdc-1.6.3-alt9
libkrb5-ldap-1.6.3-alt9
pam_krb5-3.13-alt1
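Added example, not part of the original report and not MIT krb5 code: a small check that parses `klist -f` output and lists tickets carrying the renewable (R) flag whose "renew until" time is not later than "Valid starting", the condition shown in the report. The sample text is constructed in the report's layout, the second ticket is invented for contrast, and the MM/DD/YY timestamp format and the function names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the `klist -f` output quoted in the report
# (the asterisk emphasis dropped); the second ticket is invented for contrast.
SAMPLE = """\
Ticket cache: FILE:/tmp/krb5cc_1013_s1kvrE
Default principal: f_anton@DOMAIN.MY

Valid starting     Expires            Service principal
08/20/10 19:54:27  08/21/10 19:54:27  krbtgt/DOMAIN.MY@DOMAIN.MY
\trenew until 08/20/10 19:54:27, Flags: RI
08/20/10 20:00:00  08/22/10 20:00:00  host/server6.domain.my@DOMAIN.MY
\trenew until 08/27/10 20:00:00, Flags: R
"""

# Assumption: timestamps are printed as MM/DD/YY HH:MM:SS, as in the report.
TS = r"(\d\d/\d\d/\d\d \d\d:\d\d:\d\d)"
TICKET_RE = re.compile(rf"^{TS}\s+{TS}\s+(\S+)\s*$")
RENEW_RE = re.compile(rf"renew until {TS}")
FLAGS_RE = re.compile(r"Flags: (\w+)")

def _ts(text):
    return datetime.strptime(text, "%m/%d/%y %H:%M:%S")

def parse_klist(output):
    """Return one dict per ticket found in `klist -f` output."""
    tickets = []
    for line in output.splitlines():
        m = TICKET_RE.match(line)
        if m:
            tickets.append({"start": _ts(m[1]), "end": _ts(m[2]),
                            "service": m[3], "renew_till": None, "flags": ""})
        elif tickets:  # continuation line belonging to the last ticket
            renew, flags = RENEW_RE.search(line), FLAGS_RE.search(line)
            if renew:
                tickets[-1]["renew_till"] = _ts(renew[1])
            if flags:
                tickets[-1]["flags"] = flags[1]
    return tickets

def zero_renew_window(tickets):
    """Services whose ticket is flagged renewable (R) but has no renewable
    window: 'renew until' is missing or not later than 'Valid starting'."""
    return [t["service"] for t in tickets
            if "R" in t["flags"]
            and (t["renew_till"] is None or t["renew_till"] <= t["start"])]

if __name__ == "__main__":
    for service in zero_renew_window(parse_klist(SAMPLE)):
        print(f"{service}: renewable flag set, but renew-till <= start time")
```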