Nicolas Williams wrote: > On Sat, Feb 28, 2009 at 11:40:26PM -0500, Jason Edgecombe wrote: > >> I guess setting things for renewable tickets longer than 7 days or >> running the jobs in local disk will be easiest. >> >> We have a 7 day normal/renewable lifetime. What length do other sites have? >> > > I have seen sites use on the order of months for the renewable ticket > lifetime, but still hours for normal ticket lifetime. If you already > use seven days for renew life you might as well double it -- whatever > your threat model is, if you can accept seven days then chances are you > can accept fourteen. > Doubling it wouldn't really help. It would probably need to be on the order of a month. If I were to change the renewable lifetime, I need to change all principals, the client krb5.conf and the server kdc.conf. Is that correct?
Thanks, Jason ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
