On Fri, May 02, 2008 at 08:57:48AM -0700, Russ Allbery wrote: > The key information that you don't include is your kdc.conf file and the > getprinc output for the krbtgt/SOME.REALM.COM principal. The KDC cannot > hand out tickets with a longer lifetime than the lifetime of the krbtgt > principal; that's the most common configuration mistake that causes this. > > -- > Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
My apologies, you are absolutely correct. The problem did in fact turn out to be the krbtgt/SOME.REALM.COM principal. Not being aware of this relationship I didn't check it. Apparently I somehow managed to lose ticket-life timing information during a recent dump/load (probably something else I overlooked at the time). Thanks for your quick response, and I'll dig a bit deeper before hitting the "bug" button next time. Ed -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
