Hi, I am trying to obtain a renewable tgt from KDC via kinit. I have added a principal in KDC:
kadmin.local: getprinc nexue Principal: ne...@nexue.com Expiration date: [never] Last password change: Sun Apr 12 11:31:41 PDT 2015 Password expiration date: [none] Maximum ticket life: 0 days 08:00:00 *Maximum renewable life: 7 days 00:00:00* Last modified: Sun Apr 12 11:31:41 PDT 2015 (root/ad...@nexue.com) Last successful authentication: Mon Apr 13 13:38:40 PDT 2015 Last failed authentication: [never] Failed password attempts: 0 Number of keys: 4 Key: vno 1, aes256-cts-hmac-sha1-96 Key: vno 1, aes128-cts-hmac-sha1-96 Key: vno 1, des3-cbc-sha1 Key: vno 1, arcfour-hmac MKey: vno 1 Attributes: REQUIRES_PRE_AUTH Policy: [none] kadmin.local: However, when I used 'kinit -r 20m', the klist -f output was: Valid starting Expires Service principal 04/13/15 14:07:05 04/13/15 22:07:05 krbtgt/nexue....@nexue.com * Flags: IA* There is no renewable flag from the output. And 'kinit -R' also didn't work because of missing the renewable flag. Do I have to set extra parameters in kdc.conf and krb5.conf to obtain the renewable ticket? my *kdc.conf*: 12 max_renewable_life = 7d 0h 0m 0s 13 default_principal_flags = +preauth +*renewable* my *krb5.conf*: 1 [*libdefaults*] 2 default_realm = NEXUE.COM 3 renewable = true 22 [*appdefaults*] 23 kinit = { 24 renewable = true 25 forwardable = true 26 } Thanks! Best -- Neng Xue ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos