On Thu Nov 14 10:17:42 2002, Ken Hornstein said: >>I seem to be having the same problem. I'm running krb5-1.2.5. I changed my >>kdc.conf so that max_life = 25h 0m 0s. I then restarted kadmind and created >>a test principal. Sure enough, its max life was 25 hours. But when I did a >>'kinit -l 20h' for the principal, I got a TGT which would expire in 10 hours! >> >>I took a look at the max life for my krbtgt/<REALM> and it's 21:15:00 (which >>is what it was before I changed kdc.conf). So, what else should I be looking >>at? > > Did you restart your KDC as well?
Oops, no I hadn't! So, I just restarted krb5kdc and that seems to do it. Of course, I still can't get a TGT with a lifetime greater than 21:15:00, which is the max life set for my krbtgt principal. But at least I know that 'kinit -l' isn't broken. Thanks. Mike ------------------------------------------------------------------------------ Mike Friedman System and Network Security [EMAIL PROTECTED] 2484 Shattuck Avenue 1-510-642-1410 University of California at Berkeley http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu ------------------------------------------------------------------------------ ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
