I've struggled with ticket expiry for > 8 hours now and am asking for 
help.  Googling the topic in these archives has led me to try these 
things, but first my setup--

[ayoung:[EMAIL PROTECTED] ~]$ uname -a
Linux ns1.an3e.org 2.6.17-1.2157_FC5 #1 ... 2006 i686 i686 i386 GNU/Linux

[ayoung:[EMAIL PROTECTED] ~]$ rpm -q -a | grep krb
krb5-server-1.4.3-4.1
krb5-libs-1.4.3-4.1
pam_krb5-2.2.6-2.2

I am trying to increase my expiry from 24h to 72h.

I first edited /etc/krb5.conf *AFTER* creating my principals
Under [libdefaults]
FROM: ticket_lifetime = 24h TO: 72h
And sudo /etc/rc.d/init.d/krb5kdc reload

kdestroy; kinit; klist (for example) doesn't seem to have done much--
[ayoung:[EMAIL PROTECTED] ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_25670
Default principal: [EMAIL PROTECTED]
Valid starting     Expires            Service principal
09/22/06 09:44:53  09/23/06 09:44:53  krbtgt/[EMAIL PROTECTED]

Four hours of googling later--
kadmin: modify_principal -maxlife 72h ayoung

Thirty minutes of googling later--
kadmin:  modify_principal  -maxlife "3 days" ayoung

kadmin:  getprinc ayoung
Principal: [EMAIL PROTECTED]
Expiration date: [never]
Last password change: Mon Jul 31 14:28:45 PDT 2006
Password expiration date: [none]
Maximum ticket life: 3 days 00:00:00
Maximum renewable life: 0 days 00:00:00
Last modified: Fri Sep 22 10:50:36 PDT 2006 (admin/[EMAIL PROTECTED])
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 1, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]

And again for krbtgt--
kadmin:  modify_principal  -maxlife "3 days" krbtgt/AN3E.ORG

But it seems that I still don't have a 3 day ticket--
[ayoung:[EMAIL PROTECTED] ~]$ kdestroy;kinit;klist
Password for [EMAIL PROTECTED]:
Ticket cache: FILE:/tmp/krb5cc_25670
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
09/22/06 10:53:48  09/23/06 10:53:48  krbtgt/[EMAIL PROTECTED]


Kerberos 4 ticket cache: /tmp/tkt25670
klist: You have no tickets cached


From the posts I've discovered, this should be all I need to do to increase 
the expiry for the principal "ayoung".  Any thoughts? Thanks much!

-Andrew

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
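
The comparison made by eye in the message above (ticket lifetime shown by klist against "Maximum ticket life" shown by getprinc) can be scripted. This is an added example, not part of the original post; the sample output is constructed on the model of the post, and the principal and realm names (user, EXAMPLE.ORG) and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input, modelled on the klist and getprinc output in the post.
KLIST_OUTPUT = """\
Ticket cache: FILE:/tmp/krb5cc_25670
Default principal: user@EXAMPLE.ORG

Valid starting     Expires            Service principal
09/22/06 10:53:48  09/23/06 10:53:48  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
"""
GETPRINC_OUTPUT = """\
Principal: user@EXAMPLE.ORG
Maximum ticket life: 3 days 00:00:00
Maximum renewable life: 0 days 00:00:00
"""

# One ticket row: start timestamp, end timestamp, service principal.
TICKET_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)$", re.M)
MAXLIFE_RE = re.compile(
    r"^Maximum ticket life:\s+(\d+) days? (\d+):(\d{2}):(\d{2})$", re.M)


def issued_lifetimes(klist_text):
    """Map each service principal in klist output to its actual lifetime."""
    fmt = "%m/%d/%y %H:%M:%S"  # date format used by klist in the post
    return {svc: datetime.strptime(end, fmt) - datetime.strptime(start, fmt)
            for start, end, svc in TICKET_RE.findall(klist_text)}


def principal_maxlife(getprinc_text):
    """Parse the 'Maximum ticket life' line of getprinc output."""
    m = MAXLIFE_RE.search(getprinc_text)
    if m is None:
        raise ValueError("no 'Maximum ticket life' line found")
    d, h, mi, s = map(int, m.groups())
    return timedelta(days=d, hours=h, minutes=mi, seconds=s)


def short_tickets(klist_text, getprinc_text):
    """Return tickets whose lifetime is below the principal's maximum."""
    limit = principal_maxlife(getprinc_text)
    return {svc: life for svc, life in issued_lifetimes(klist_text).items()
            if life < limit}


if __name__ == "__main__":
    limit = principal_maxlife(GETPRINC_OUTPUT)
    for svc, life in short_tickets(KLIST_OUTPUT, GETPRINC_OUTPUT).items():
        print(f"{svc}: issued {life}, principal allows {limit}")
```
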
