>>>>> "VT" == Vladimir Terziev <[EMAIL PROTECTED]> writes:
VT> I have a MIT Kerberos 5 KDC configured with the following options for our realm: VT> max_life = 15m 0s VT> max_renewable_life = 1h 0m 0s Did you create the database with these particular options set? VT> When I do ``kinit -r 1h'', ``klist -f'' I see the following: VT> Valid starting Expires Service principal VT> 03/07/03 12:12:32 03/07/03 12:27:32 krbtgt/[EMAIL PROTECTED] VT> renew until 03/07/03 12:27:32, Flags: RI VT> After 6 min I do ``kinit -R'', ``klist -f'' I the following is VT> very sgtrange for me: VT> Valid starting Expires Service principal VT> 03/07/03 12:18:26 03/07/03 12:27:32 krbtgt/[EMAIL PROTECTED] VT> renew until 03/07/03 12:27:32, Flags: RIT VT> Klist shows changed starting time, but the expiration time is the same. This is not surprising. The expiration time will not be later than the "renew until" time. It looks like the max renewable life is effectively 15 minutes. VT> Does anybody have an idea about this behaviour of KDC? Is this VT> a bug in KDC or I do someting wrong? It may be a configuration issue. Do all the principals involved, client principal as well as TGT principal, have a max_renewable_life at least one hour long? The shortest of these durations will take effect. ---Tom ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
