On Thu, 14 Nov 2002, Ken Hornstein wrote: > >Oops, no I hadn't! So, I just restarted krb5kdc and that seems to do it. > >Of course, I still can't get a TGT with a lifetime greater than 21:15:00, > >which is the max life set for my krbtgt principal. But at least I know > >that 'kinit -l' isn't broken. > > So, I guess the key is you need to set: > > - max_life in kdc.conf > - Restart kdc > - desired lifetime on both client and krbtgt principal
- I've seen this question a least 3-4 times on the list. Is it in the FAQ? > >(and probablyservice principals as well). > - Unless you are using the server principals to get tickets, I don't see any reason to reset those values. Yes, you will get service tickets with a shorter lifetime, but so what? As long as you have a krbtgt you can get all the service tickets you need[1]. - Booker C. Bense [1]- except for changepw and others that require a direct exchange. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
