Hi Greg, Thanks so much! I should have asked you sooner. It was because that the krbtgt/NEXUE.COM did not have a max renewable lifetime :)
Best, Neng On 04/13/15 02:30 PM, Greg Hudson wrote: > On 04/13/2015 05:13 PM, Neng Xue wrote: >> However, when I used 'kinit -r 20m', the klist -f output was: > The KDC won't issue a renewable ticket if you request a lifetime greater > than the renewable lifetime. You could try "kinit -l 10m -r 20m", or > "kinit -r 2d" or something. > > Also make sure that krbtgt/NEXUE.COM has a max renewable lifetime; the > KDC checks both the client and server principal entries. > -- Neng Xue Oracle Solaris Software Engineer Santa Clara, CA, USA ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
