Re: maxlife parameter not being honored?!

Ken Raeburn Wed, 09 Jun 2004 13:57:37 -0700

The maximum ticket lifetime data is stored in the database for *all* principals -- the user, the TGS, and the application service. The KDC will use all of those (as well as the lifetime of the TGT, when getting additional tickets) in computing the maximum allowable lifetime of tickets it issues.

Check the max ticket lifetime of krbtgt/YOUR.REALM.NAME, to start with. If you want longer-lived application service tickets, you'll have to update those principals as well.

Ken

________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos

Re: maxlife parameter not being honored?!

Reply via email to