vtkstef wrote: > Hi, > > I am having problems to get TGTs with renewal periods as specified in > kinit -r option. My kdc.conf realm stanza has these two paramters set: > > max_life = 10h 0m 0s > max_renewable_life = 7d 0h 0m 0s > > I have explicitely set forwadable flag in the realms > default_principal_flags parameter > I have played with various values in /etc/krb5.conf [libdefault] stanza > renew_lifetime,and ticket_lifetime values, and I have set the principal > -maxrenewlife to 7 days. Still whenever I do a kinit -l 10h -r 7d my > renew untill timestamp is the same as the ticket creation one: > > [EMAIL PROTECTED] ~ $ klist -fc > Ticket cache: FILE:/tmp/krb5cc_1000 > Default principal: [EMAIL PROTECTED] > > Valid starting Expires Service principal > 10/15/05 03:51:29 10/15/05 13:51:29 krbtgt/[EMAIL PROTECTED] > renew until 10/15/05 03:51:29, Flags: RI > > I would really appreciate any insights to solve this riddle. > > Ciao > Stefano
Check the lifetime settings for the krbtgt/[EMAIL PROTECTED] and [EMAIL PROTECTED] principals in the KDB. Jeffrey Altman -- ----------------- This e-mail account is not read on a regular basis. Please send private responses to jaltman at mit dot edu ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos