On 9/21/22 03:45, Wouter Verhelst wrote: > default_principal_expiration = 0
This value is failing to parse as a timestamp. Removing this line appears to clear up the config parsing error, and the default should have the same effect. I see that the documentation for default_principal_expiration says "The default value is 0, which means no expiration date." I see how someone would get that from the code when writing the documentation, but clearly the documented default should be something that parses. (I think you'd have to write out the beginning of the POSIX time epoch--in local time--in something like yyyymmddhhmmss format to get this default.) The whole concept of default_principal_expiration as an absolute time seems suspect to me; I have trouble imagining a productive realm configuration where every new principal by default expires on some particular fixed date. I don't see any meaningful differences between the current code in this area and the code going back fifteen years or so. So I'm not sure how this broke during a migration. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
