In my environment, kadmin/admin has Maximum ticket life: 0 days 03:00:00.
Whilst the admin user of root/admin has Maximum ticket life: 0 days 00:01:00
It looks like the two has not related to what i experience (6 minutes)
On Tue, Mar 26, 2019 at 3:47 PM Jeffrey Hutzelman wrote:
> The max_life s
The max_life setting in kdc.conf is only a global maximum lifetime for any
ticket the KDC issues. The actual lifetime of issued tickets is also affected
by the client request, the maximum ticket lifetime settings on both the client
and service principals in the database, and (for TGS requests),
I did some experiments with admin session expiration. The sessions expires
within around 6 minutes no matter what is set in max_life in kdc.conf.
My guess is it is some hard coded value in KDC source code determines the
expiry.
On Mon, Mar 11, 2019 at 11:55 AM Jeffrey Hutzelman wrote:
> No, kad
> Per kdc.conf(5), the kdc.conf file doesn't live in /etc; it lives
> somewhere else. (I put it at /var/kerberos/krb5kdc/kdc.conf in
You are right: strace showed that kdc.conf is not searched in /etc:
[root@host ~]# grep -e 'kdc\.' /tmp/strace.log
678 stat("/var/lib/krb5kdc/kdc.conf", 0x7ffcd79
