On Пан, 20 кас 2025, Russell Jones via FreeIPA-users wrote:
I have found in the kdc.conf file where max_life and max_renewable_life are defined as 7d and 14d respectively for my realm. Changing these values in the Web UI don't seem to touch this file at all.....
This is not supported. There are workarounds by changing the KDC configuration manually as described in the discussion in https://github.com/freeipa/freeipa/pull/6223 but ultimately the code in MIT Kerberos KDC will prevent us from making it fully customizable. Changing that code upstream is not considered a priority for upstream. Security-wise, it is really not recommended to have tickets valid for long time. If you are after automated renewal of Kerberos tickets, better learn how to integrate gssproxy into your workflow. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
