It appears that if I change the maxlife parameter in kdc.conf to something > whatever I had it set for when I originally created the principal DB, it will not be honored and the maximum lifetime I can assign to a user ticket is limited to whatever it was when I set up the db.

ex:

from kdc.conf

                max_life = 0d 1h 0m 0s

create your db, put people in it.

change max life:

max_life = 7d 0h 0m 0s

change a user's maxlife parameter with kadmin

modprinc -maxlife "4h" testuser

now, authenticate with that user using kinit for example

kinit testuser

and you will see that the max life for the user is 1 hour.

I tried kinit -l 4h testuser

same result.

If I COMPLETELY blow away the db and recreate it with kdc.conf set to 7 days from the start, then it will work.

what am I missing here? bug? feature? something else I missed??

thanks in advance for any help!!

Gary

________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
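
An added example, not part of the original post and not MIT Kerberos code: the KDC issues a ticket whose lifetime is the smallest of the requested lifetime, the client principal's maxlife, the service principal's maxlife and the realm max_life in kdc.conf. The model below uses the post's values; the realm name EXAMPLE.COM and the assumption that the krbtgt principal still carries the 1-hour maxlife from database creation are not from the post.

```python
import re

UNIT_SECONDS = {"d": 86400, "h": 3600, "m": 60, "s": 1}


def parse_duration(text):
    """Parse the duration spellings used in the post: '0d 1h 0m 0s' or '4h'."""
    text = text.strip().lower()
    if not re.fullmatch(r"(\d+\s*[dhms]\s*)+", text):
        raise ValueError(f"unsupported duration: {text!r}")
    pairs = re.findall(r"(\d+)\s*([dhms])", text)
    return sum(int(count) * UNIT_SECONDS[unit] for count, unit in pairs)


def effective_lifetime(limits):
    """Return (seconds, names of the binding limits) for a name -> duration dict."""
    seconds = {name: parse_duration(value) for name, value in limits.items()}
    lowest = min(seconds.values())
    return lowest, sorted(name for name, s in seconds.items() if s == lowest)


def scenario(krbtgt_maxlife):
    """The post's request, with the krbtgt maxlife supplied by the caller."""
    return effective_lifetime({
        "kinit -l request": "4h",                    # from the post
        "testuser maxlife": "4h",                    # from the post (modprinc)
        "kdc.conf max_life": "7d 0h 0m 0s",          # from the post (edited value)
        "krbtgt/EXAMPLE.COM maxlife": krbtgt_maxlife,  # assumption, placeholder realm
    })


if __name__ == "__main__":
    cases = (
        ("krbtgt left at creation-time value", "0d 1h 0m 0s"),
        ("krbtgt raised to match kdc.conf", "7d 0h 0m 0s"),
    )
    for label, value in cases:
        secs, binding = scenario(value)
        print(f"{label}: {secs // 3600}h, limited by {', '.join(binding)}")
```

In kadmin, `getprinc` on the krbtgt principal shows the stored maximum ticket life to compare against kdc.conf.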
