Steve, I cannot find anywhere that has 24 hours as the "minimum ticket lifetime". Can you suggest anywhere else to look? I am assuming that by "KDC configured max" you are referring to the settings in krb.conf. When you say "per-principal max" - which ones are you referring to? I can't get the right combination of things to get this to work. No matter what I do -- I can't get a ticket > 24 hours.
-----Original Message----- From: Steve Langasek [mailto:[EMAIL PROTECTED] Sent: Monday, October 06, 2003 4:31 PM To: Tony Lill Cc: Kreitzer, Ray; '[EMAIL PROTECTED]' Subject: Re: Unable to get max_life to work over 24 hours On Sun, Oct 05, 2003 at 01:04:39AM -0400, Tony Lill wrote: > You're missing the fact that the max life is hard coded, and any > suggestion in the documentation that it's configurable is a bald-faced > lie! If you want 3 days, you'll have to compile your own. Er, no. What you do have to do is take into account that the ticket lifetime granted is the minimum of the requested ticket lifetime, the KDC's configured maximum, and the per-principal maximum. -- Steve Langasek postmodern programmer > --------------- http://www.ajlc.waterloo.on.ca/ ---------------- > "Welcome to All Things UNIX, where if it's not UNIX, it's CRAP!" > > Kreitzer, Ray <[EMAIL PROTECTED]> wrote: > > > Ray> I am running MIT Kerberos v5-1.2.8. I am attempting to obtain a ticket > Ray> with a life of 3 days. I have set the max_life = 3d in the kdc.conf and > Ray> have set the maxlife in the principal to 3d. I run the kinit -l 3d but it > Ray> seems I can never get a ticket for more than 24 hours. What am I missing? > > Ray> ___________________________________ > > Ray> Ray Kreitzer > Ray> Sr. Database Administrator > Ray> Dick's Sporting Goods > Ray> 200 Industry Drive - RIDC Park West - Pittsburgh, PA 15275 > Ray> Phone (412) 809-0100 x3418 Fax (412) 809-0821 > Ray> Email [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
