On Jan 27, 2008 10:01 PM, <[EMAIL PROTECTED]> wrote: > Hi everyone, > > I have a simple MIT Kerberos config. One KDC/KAS, a handful of > client. I have a principal that I'd like to allow 24h expiration > times on tickets. > > My kdc.conf has "max_life = 24h 0m 0s", but if I run "kinit -l 24h", I > still get the default 10h expiration time. > > I noticed that the principal had been created with a 10h max life, so > I did "modprinc -maxlife '24 hours' ross". The new lifetime is > reflected in the getprinc output. > > Still, kinit only gets me a 10h ticket. What gives? > > I'm using the krb5 packages from Debian, if that makes a difference. > Thanks! > > Ross
You also have to increase the maximum lifetime of the service you are authenticating to. In this case that is the krbtgt service (krbtgt/[EMAIL PROTECTED]). K.C. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
