Good day, lease help in situation - after install and configure MIT kerberos as server (from Scientific Linux 6x64bit distribut), PAM auth client for ~10 hosts, NFS4 auth it work properly, but life time for tickes no more 1 day. So, this very little value
for resolve this problem - i read some documentation in inet and from oficial site in part intialization variable in krb5.conf, kdc.conf, kadm5.acl and time format string - after that i set to long value 10 and 30 days in variable -- max_lifetime and max_renewable_life in file kdc.conf on Kerberos server host, -- ticket_lifetime and renew_lifetime in file krb5.conf on Kerberos server and client host, -- for record *... in file kadm5.acl add options -maxlife 30d -maxrenewlife 30d -expire 30d -- modify test_principal with options -maxlife "10 days" -maxrenewlife "30 days" after that restart Kerberos server and client host.Result - null call any variants - kdestroy; kinit test_principal; klist kdestroy; kinit -l 10d -r 30d test_principal; klist kdestroy; kinit -l 10d test_principal; klist and in all cases klist say - expired after +1day, renew until "call date". !! No 10, no 30 days !! If call kinit -R - have a message "kinit: Ticket expired while renewing credentials" please help configure lifetime > 10days and enable renewal finctional Sergey ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos