On Mon, Oct 25, 2004 at 04:46:21PM -0400, Kevin Coffman wrote:
> > > Also check the properties on the client and service principals
> > > (including the krbtgt principals). I forget whether max renewable
> > > lifetime is one of them, but if it is, it would be set when the
> > > principal is created or when you use "modprinc" in kadmin, and the
> > > config file specifications won't extend it, only (potentially) further
> > > limit it.
> >
> > You had me all excited for a minute... but no:
> >
> > kadmin: getprinc phil
> > ...
> > Maximum renewable life: 7 days 00:00:00
> >
> That's the client. What about
> getprinc krbtgt/[EMAIL PROTECTED] ?

Aha!

Maximum renewable life: 0 days 00:00:00

So... "krbtgt" is the principal for... the domain? I'm still catching up on
Kerberos here. So a

modprinc -maxrenewlife 7d krbtgt/[EMAIL PROTECTED]

should fix this?

-- 
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 174 - 213-821-5427

________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
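
Added example, not part of the original thread: the KDC caps a ticket's renewable lifetime at the smallest of the client principal's, the krbtgt principal's and the realm configuration's maximum renewable life, so this sketch parses `getprinc` output and reports which one is the limiter. The realm name EXAMPLE.COM, the sample output and the 7-day realm setting are constructed assumptions.

```python
import re
from datetime import timedelta

# Constructed sample: trimmed `getprinc` output for the two principals in the
# thread. EXAMPLE.COM is a placeholder realm, not a value from the original post.
SAMPLE_GETPRINC = """\
Principal: phil@EXAMPLE.COM
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Principal: krbtgt/EXAMPLE.COM@EXAMPLE.COM
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 0 days 00:00:00
"""

FIELD = re.compile(r"^Maximum renewable life:\s*(\d+) days?\s+(\d+):(\d+):(\d+)\s*$")

def parse_renew_limits(text):
    """Map each principal in getprinc output to its maximum renewable life."""
    limits, current = {}, None
    for line in text.splitlines():
        if line.startswith("Principal:"):
            current = line.split(":", 1)[1].strip()
            continue
        m = FIELD.match(line)
        if m and current:
            d, h, mi, s = map(int, m.groups())
            limits[current] = timedelta(days=d, hours=h, minutes=mi, seconds=s)
    return limits

def effective_renew_limit(limits, realm_max):
    """Return (limit, source): the smallest cap and the setting it comes from."""
    candidates = dict(limits)
    candidates["kdc.conf max_renewable_life"] = realm_max  # assumed realm setting
    source = min(candidates, key=candidates.get)
    return candidates[source], source

def report(text, realm_max):
    limit, source = effective_renew_limit(parse_renew_limits(text), realm_max)
    if limit == timedelta(0):
        return f"tickets are not renewable: {source} has a zero maximum renewable life"
    return f"renewable for up to {limit}, capped by {source}"

if __name__ == "__main__":
    print(report(SAMPLE_GETPRINC, timedelta(days=7)))
```
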
