On Wed Nov 13 04:47:57 2002, Sam Hartman said: > However kinit -l should work. > Confirm that you can do something like > kinit -l 22:00:00 > I know that works > > Then try bumping up the lifetime until you run into problems and let > us know where things start breaking.
I seem to be having the same problem. I'm running krb5-1.2.5. I changed my kdc.conf so that max_life = 25h 0m 0s. I then restarted kadmind and created a test principal. Sure enough, its max life was 25 hours. But when I did a 'kinit -l 20h' for the principal, I got a TGT which would expire in 10 hours! I took a look at the max life for my krbtgt/<REALM> and it's 21:15:00 (which is what it was before I changed kdc.conf). So, what else should I be looking at? Mike ------------------------------------------------------------------------------ Mike Friedman System and Network Security [EMAIL PROTECTED] 2484 Shattuck Avenue 1-510-642-1410 University of California at Berkeley http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu ------------------------------------------------------------------------------ ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
