I have found in the kdc.conf file where max_life and max_renewable_life are defined as 7d and 14d respectively for my realm. Changing these values in the Web UI don't seem to touch this file at all.....
On Mon, Oct 20, 2025 at 9:45 AM Russell Jones <[email protected]> wrote: > Hi all, > > I upgraded our 4 node FreeIPA cluster from 4.6 to 4.12 last week. Since > doing so, I am struggling to have our ticket lifetime settings be honored. > > I have our "Max life" set to 364 days, however any kinit gets a ticket > that is only valid for 7 days. I have also checked krbtpolicy-show for an > individual user and it shows the correct expiration time for the user. > > Doing a "kinit -l 30d" or "-l 364d" does not give any errors, however the > ticket received is still only valid for 7 days. > > Any ideas what I could be missing? >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
