Dear Sirs,

When I tried to add my FreeBSD machine as a domain member to an ADS domain (with Windows Server 2003 SP1 as a domain controller), a problem with Kerberos authentication arose. I installed the heimdal-0.6_3.2 package for Kerberos authentication.

I used the following /etc/krb5.conf file:

[appdefaults]
        encrypt = yes
        forward = yes
        forwardable = yes
        no-addresses = yes
        proxiable = yes
        renew_lifetime = 70 years
        ticket_lifetime = 70 years

[libdefaults]
        default_realm = MY.REALM
        dns_lookup_kdc = yes
        dns_lookup_realm = yes
        forwardable = yes
        kdc_timesync = yes
        proxiable = yes
        renew_lifetime = 70 years
        ticket_lifetime = 70 years

[domain_realm]
        .my.domain = MY.REALM

[realms]
        MY.REALM = {
                admin_server = controller.my.domain
                kdc = controller.my.domain:88
                kpasswd_server = controller.my.domain:464
                krb524_server = controller.my.domain
        }

(This is an example file; in my real file the "MY.REALM", "controller", and "my.domain" entries are substituted with the real names.)

When I tried to kinit [EMAIL PROTECTED], I got the following:

[EMAIL PROTECTED] Password:
kinit: krb5_get_init_creds: Requested effective lifetime is negative or too short
# klist -v
klist: No ticket file: /tmp/krb5cc_0

Then I tried to change the "renew_lifetime" and "ticket_lifetime" entries in my /etc/krb5.conf file to "700 years", and this is what I got:

# kinit [EMAIL PROTECTED]
[EMAIL PROTECTED] Password:
kinit: NOTICE: ticket renewable lifetime is SU (
# klist -v
Credentials cache: FILE:/tmp/krb5cc_0
Principal: [EMAIL PROTECTED]
Cache version: 4
KDC time offset: -4 seconds

Server: krbtgt/[EMAIL PROTECTED]
Ticket etype: arcfour-hmac-md5, kvno 2
Auth time: Oct 30 11:01:20 2005
End time: Jan 1 03:00:00 1970 (expired)
Renew till: Jan 1 03:00:00 1970
Ticket flags: forwardable, proxiable, renewable, initial, ok-as-delegate
Addresses:

Now, the questions are:

1) Why should I set such a long time period for tickets and for renewable tickets, and
2) Why is the ticket obtained from my domain controller for my FreeBSD client expired?

If You have any ideas, please write to me. I tried to figure out why this is so, but I didn't find any sources where this case was described and what should be done to resolve this problem.

Thank You in advance, and looking forward to hearing from You.

Vadym Yepishov, FreeBSD fan:)

P.S. I use FreeBSD 5.4

----- End forwarded message -----
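
An added example, not part of the original message and not Heimdal code: a small check that converts the ticket_lifetime and renew_lifetime values of a krb5.conf into seconds and flags any that no longer fit a signed 32-bit integer, either on their own or once added to the current time. The unit table (a year counted as 365 days), the 32-bit width, and the sample configuration and timestamp are assumptions made for illustration.

```python
import re

INT32_MAX = 2**31 - 1
# Assumed unit table (seconds); a year is taken as 365 days.
UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400,
         "week": 7 * 86400, "year": 365 * 86400}
LIFETIME_KEYS = ("ticket_lifetime", "renew_lifetime")
# Constructed: roughly 30 Oct 2005 expressed as seconds since the epoch.
NOW_2005 = 1_130_659_280

# Constructed sample, reduced from the krb5.conf quoted in the message.
SAMPLE_CONF = """\
[libdefaults]
    default_realm = MY.REALM
    renew_lifetime = 70 years
    ticket_lifetime = 10 hours
"""

def to_seconds(value):
    """Convert '<n> <unit>' (plural allowed, bare number = seconds)."""
    m = re.fullmatch(r"\s*(\d+)\s*([a-z]*?)s?\s*", value.lower())
    unit = (m.group(2) or "second") if m else None
    if unit not in UNITS:
        raise ValueError(f"unrecognised lifetime: {value!r}")
    return int(m.group(1)) * UNITS[unit]

def wrap_int32(n):
    """Value n would take if stored in a signed 32-bit integer."""
    return (n + 2**31) % 2**32 - 2**31

def check_lifetimes(conf_text, now):
    """Return (key, value, what_overflows, wrapped_value) for each lifetime
    that overflows signed 32-bit seconds, alone or when added to `now`."""
    findings = []
    for line in conf_text.splitlines():
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep or key not in LIFETIME_KEYS:
            continue
        secs = to_seconds(value)
        if secs > INT32_MAX:
            findings.append((key, value, "lifetime", wrap_int32(secs)))
        elif now + secs > INT32_MAX:
            findings.append((key, value, "end time", wrap_int32(now + secs)))
    return findings

if __name__ == "__main__":
    for finding in check_lifetimes(SAMPLE_CONF, NOW_2005):
        print(finding)
```

Under these assumptions "70 years" is already larger than a signed 32-bit count of seconds, and "40 years" fits by itself but overflows once added to a 2005 timestamp.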