Hi,

Thank you, Sachin, for your advice; it solved the problem on my Linux clients.

Does anybody have experience with AIX clients? The ticket lifetime a user can obtain as part of the login process on an AIX machine can't get a bigger value than one day. It seems like the KRB5 authentication module doesn't support the ticket_lifetime parameter from krb5.conf.

Any help/advice would be appreciated.

Ido Levy
IBM R&D Labs in Israel

"Sachin Punadikar" <punadikar.sachin@gmail.com>
16/11/2007 06:48
To: Ido Levy/Haifa/[EMAIL PROTECTED]
cc: kerberos@mit.edu
Subject: Re: How to set Kerberos 5 ticket lifetime

Hi,

Here is the formula which governs the ticket_lifetime. So look at it and make corresponding changes in your configuration.

ticket lifetime = minimum of (
    "max_life" from kdc.conf file,
    "ticket_lifetime" from krb5.conf,
    "maxlife" of ticket granting service, i.e. krbtgt/realm_name,
    "maxlife" of the principal/user)

Hope this helps.
- Sachin.

On Nov 15, 2007 7:09 PM, Ido Levy <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> I would appreciate your advice on what is the best way to set default
> kerberos 5 ticket lifetime
> and what are the necessary configurations in the server and the client side.
>
> I tried the following configuration but it didn't seem to work:
>
> Server Side
>
> 1) The file kdc.conf -
>
> I set "max_life = 168h 0m 0s" under the [realms] section.
>
> 2) I have also modified the principal and set its maxlife option as follows
>
>
> kadmin.local
> Attempting to bind to one or more LDAP servers. This may take a while...
> kadmin.local: modify_principal -maxlife 168hours [EMAIL PROTECTED]
> Principal "[EMAIL PROTECTED]" modified.
> kadmin.local: getprinc [EMAIL PROTECTED]
> Principal: [EMAIL PROTECTED]
> Expiration date: [never]
> Last password change: Thu Nov 15 13:53:50 IST 2007
> Password expiration date: Wed Feb 13 13:53:50 IST 2008
> Maximum ticket life: 7 days 00:00:00
> Maximum renewable life: 7 days 00:00:00
> Last modified: Thu Nov 15 15:32:10 IST 2007
> Last successful authentication: [never]
> Last failed authentication: [never]
> Failed password attempts: 0
> Number of keys: 4
> Key: vno 4, Triple DES cbc mode with HMAC/sha1, no salt
> Key: vno 4, ArcFour with HMAC/md5, no salt
> Key: vno 4, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
> Key: vno 4, DES cbc mode with RSA-MD5, no salt
>
> Attributes: REQUIRES_PRE_AUTH
> Policy: default
>
> Linux Client Side:
>
> No special configuration here
>
>
> Thank you in advance,
>
> Ido Levy
> IBM R&D Labs in Israel
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
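
The minimum rule from Sachin's reply, as an added example that is not part of the original thread: it parses the lifetime spellings that appear above and reports which of the four limits is the binding one. The function names, the krbtgt value in the demo and the one-day fallback for a client with no ticket_lifetime set are assumptions, not values from the thread.

```python
import re

# Seconds per unit, for the duration spellings that appear in the thread.
UNITS = {"d": 86400, "day": 86400, "days": 86400, "h": 3600, "hour": 3600,
         "hours": 3600, "m": 60, "min": 60, "s": 1, "": 1}

def parse_lifetime(text):
    """Parse '168h 0m 0s', '168hours', '7 days 00:00:00' or bare seconds."""
    rest, total, found = text.strip().lower(), 0, False
    clock = re.search(r"(\d+):(\d{2}):(\d{2})", rest)  # getprinc HH:MM:SS part
    if clock:
        h, m, s = map(int, clock.groups())
        total, found = h * 3600 + m * 60 + s, True
        rest = rest.replace(clock.group(0), " ")
    for number, unit in re.findall(r"(\d+)\s*([a-z]*)", rest):
        if unit not in UNITS:
            raise ValueError(f"unknown unit {unit!r} in {text!r}")
        total += int(number) * UNITS[unit]
        found = True
    if not found:
        raise ValueError(f"no duration found in {text!r}")
    return total

def effective_lifetime(kdc_max_life, tgs_maxlife, principal_maxlife,
                       client_ticket_lifetime=None, client_default="1d"):
    """Apply the minimum rule; return (seconds, names of the binding limits)."""
    limits = {
        "kdc.conf max_life": parse_lifetime(kdc_max_life),
        "krbtgt maxlife": parse_lifetime(tgs_maxlife),
        "principal maxlife": parse_lifetime(principal_maxlife),
        # Assumption: a client with no ticket_lifetime set requests client_default.
        "krb5.conf ticket_lifetime": parse_lifetime(
            client_ticket_lifetime or client_default),
    }
    lowest = min(limits.values())
    return lowest, sorted(name for name, v in limits.items() if v == lowest)

if __name__ == "__main__":
    # Server values from the thread; krbtgt maxlife is constructed for the demo.
    for client in (None, "7d"):
        secs, binding = effective_lifetime("168h 0m 0s", "7 days 00:00:00",
                                           "7 days 00:00:00", client)
        print(f"client={client!r}: {secs // 3600}h, limited by {binding}")
```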