> nemesis> Yes; I have set the following principals to issue 7d tickets: > nemesis> krbtgt/MYREALM > nemesis> afs > nemesis> K/M > nemesis> krbadm > nemesis> username (of the user) > > Interesting. Given what you've done, it should be possible to kinit > as the user and get a lifetime up to 7 days. What is the the output > of the kadmin "getprinc" command for the principals you listed above?
kadmin.local: getprinc krbtgt/MYREALM.NET Principal: [EMAIL PROTECTED] Expiration date: [never] Last password change: [never] Password expiration date: [none] Maximum ticket life: 30 days 00:00:00 Maximum renewable life: 30 days 00:00:00 Last modified: Tue Nov 12 20:54:53 CST 2002 ([EMAIL PROTECTED]) Last successful authentication: [never] Last failed authentication: [never] Failed password attempts: 0 Number of keys: 3 Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt Key: vno 1, DES cbc mode with CRC-32, no salt Key: vno 1, DES cbc mode with RSA-MD5, no salt Attributes: REQUIRES_PRE_AUTH Policy: [none] Principal: [EMAIL PROTECTED] Expiration date: [never] Last password change: Sun Oct 20 21:34:43 CDT 2002 Password expiration date: [none] Maximum ticket life: 7 days 00:00:00 Maximum renewable life: 7 days 00:00:00 Last modified: Tue Nov 12 14:18:51 CST 2002 ([EMAIL PROTECTED]) Last successful authentication: [never] Last failed authentication: [never] Failed password attempts: 0 Number of keys: 1 Key: vno 1, DES cbc mode with CRC-32, no salt Attributes: Policy: [none] Principal: [EMAIL PROTECTED] Expiration date: [never] Last password change: Tue Oct 08 22:05:47 CDT 2002 Password expiration date: [none] Maximum ticket life: 30 days 00:00:00 Maximum renewable life: 30 days 00:00:00 Last modified: Tue Nov 12 20:57:07 CST 2002 ([EMAIL PROTECTED]) Last successful authentication: [never] Last failed authentication: [never] Failed password attempts: 0 Number of keys: 6 Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt Key: vno 1, DES cbc mode with CRC-32, no salt Key: vno 1, DES cbc mode with RSA-MD5, Version 4 Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - No Realm Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - Realm Only Key: vno 1, DES cbc mode with RSA-MD5, AFS version 3 Attributes: REQUIRES_PRE_AUTH Policy: [none] Principal: [EMAIL PROTECTED] Expiration date: [never] Last password change: [never] Password expiration date: [none] Maximum ticket life: 30 days 00:00:00 Maximum renewable life: 30 days 00:00:00 Last modified: Tue Nov 12 20:55:59 CST 2002 ([EMAIL PROTECTED]) Last successful authentication: [never] Last failed authentication: [never] Failed password attempts: 0 Number of keys: 1 Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt Attributes: DISALLOW_ALL_TIX REQUIRES_PRE_AUTH Policy: [none] Principal: [EMAIL PROTECTED] Expiration date: [never] Last password change: Tue Oct 08 22:30:34 CDT 2002 Password expiration date: [none] Maximum ticket life: 7 days 00:00:00 Maximum renewable life: 7 days 00:00:00 Last modified: Tue Nov 12 14:12:36 CST 2002 ([EMAIL PROTECTED]) Last successful authentication: [never] Last failed authentication: [never] Failed password attempts: 0 Number of keys: 6 Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt Key: vno 1, DES cbc mode with CRC-32, no salt Key: vno 1, DES cbc mode with RSA-MD5, Version 4 Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - No Realm Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - Realm Only Key: vno 1, DES cbc mode with RSA-MD5, AFS version 3 Attributes: REQUIRES_PRE_AUTH Policy: [none] Some of the principals are set to 30d expiration as I wanted a longer default time under some circumstances. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
