> -----Original Message----- > From: Phil Dibowitz [mailto:[EMAIL PROTECTED] > Sent: Monday, October 25, 2004 4:51 PM > To: Kevin Coffman > Cc: [EMAIL PROTECTED] > Subject: Re: Renewable Tickets > > On Mon, Oct 25, 2004 at 04:46:21PM -0400, Kevin Coffman wrote: > > > > Also check the properties on the client and service principals > > > > (including the krbtgt principals). I forget whether max renewable > > > > lifetime is one of them, but if it is, it would be set when the > > > > principal is created or when you use "modprinc" in kadmin, and the > > > > config file specifications won't extend it, only (potentially) > further > > > > limit it. > > > > > > You had me all excited for a minute... but no: > > > > > > kadmin: getprinc phil > > > ... > > > Maximum renewable life: 7 days 00:00:00 > > > > > > That's the client. What about > > getprinc krbtgt/[EMAIL PROTECTED] ? > > Aha! > > Maximum renewable life: 0 days 00:00:00 > > So... "krbtgt" is the principal for... the domain? I'm still catching up > on > Kerberos here.
It is the principal for the Ticket Granting Service. > so a > modprinc -maxrenewlife 7d krbtgt/[EMAIL PROTECTED] > > Should fix this? Yes :-) ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos