The default value of max_renewable_lifetime is 0 which means unlimited (IIRC).
Kr, Oliver Am 18.07.2012 um 18:20 schrieb Tiago Elvas: > Well it worked! > > I raised the max_renewable_lifetime to 10min (not a specific value, just a > randomly chosen among the numbers greater that 5 :) ) and it works! > > The thing now is, after this max renewal date is expired, I will not be able > to renew it anymore, won't I? I always have to set a limit on this max renew, > right? > > Thanks! > > On Wed, Jul 18, 2012 at 6:09 PM, Oliver Loch <[email protected]> wrote: > shot in the dark: > > set the max_renewable_lifetime > ticket_lifetime. > > Else the ticket becomes invalid and can't be renewed after 5 minutes... > > KR, > > Oliver > > Am 18.07.2012 um 18:06 schrieb Tiago Elvas: > > > Hi there, > > > > I am experience problems at the time of ticket renewal. > > For this test I am using 5minute tickets (for quick testing) and so: > > > > # /var/kerberos/krb5kdc/kdc.conf > > max_life = 5m 0s > > max_renewable_life = 5m 0s > > # /etc/krb5.conf > > ticket_lifetime = 5m > > renew_lifetime = 5m > > > > The principal in use is named "opends". > > > > I log in and this is my ticket: > > > > [opends ~]$ klist -f > >> Ticket cache: FILE:/tmp/krb5cc_505 > >> Default principal: [email protected] > >> Valid starting Expires Service principal > >> 07/18/12 18:01:33 07/18/12 18:06:33 krbtgt/[email protected] > >> renew until 07/18/12 18:06:33, Flags: FPRIA > >> > >> Kerberos 4 ticket cache: /tmp/tkt505 > >> klist: You have no tickets cached > > > > > > I then do "kinit -R", > > > > [opends ~]$ kinit -R > >> [opends ~]$ echo $? > >> 0 > >> [opends ~]$ > >> [opends@ ~]$ klist -f > >> Ticket cache: FILE:/tmp/krb5cc_505 > >> Default principal: [email protected] > > > > Valid starting Expires Service principal > >> 07/18/12 18:02:25 07/18/12 18:06:33 krbtgt/[email protected] > > > > renew until 07/18/12 18:06:33, Flags: FPRIAT > >> > >> Kerberos 4 ticket cache: /tmp/tkt505 > >> klist: You have no tickets cached > > > > > > > > Does anybody know why this is happening? > > The system is intended to be used along several and "random" days and I > > should not get a ticket expired error so it should be automatic (like in a > > cronjob doing this kinit -R) > > > > Thanks in advance. > > > > Best regards, > > Tiago > > ________________________________________________ > > Kerberos mailing list [email protected] > > https://mailman.mit.edu/mailman/listinfo/kerberos > >
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
