Got it. Will try this. Thanks, Gaurav
On Thu, Apr 18, 2013 at 2:30 PM, Tiago Elvas <[email protected]> wrote: > Hi, > > I honestly don't know how to update all the users at the same time inside > kadmin. However.... > > My guess would be to: > > - Create a keytab with root/admin credentials (I would suggest you > create a principal named root_script/admin or something) > - List all the principals in a bash script > - Loop in the list and modify all the principals using the keytab > previously created to connect through kadmin using the command: > - kadmin -p root_script/admin -k -t <keytab_filename> -q <query> > - <query> should be something a command as you were inside kadmin: > "modprinc...." to do whatever you want > > Hope the info was helpful. > > Best regards, > Tiago > > > On Thu, Apr 18, 2013 at 10:34 AM, rohit sarewar <[email protected]>wrote: > >> Hi Tiago >> >> As an Administrator , how can I renew all principals using a command. >> There are large number of principals in my case. >> >> Regards >> Rohit Sarewar >> >> >> On Thu, Apr 18, 2013 at 1:53 PM, Tiago Elvas <[email protected]>wrote: >> >>> Hi Gaurav, >>> >>> I have received great help from this mailing list for the same issue. >>> I think you'll find useful information in this topic: >>> >>> http://serverfault.com/questions/132123/how-to-change-the-kerberos-default-ticket-lifetime >>> >>> Best regards, >>> >>> Tiago >>> >>> >>> On Thu, Apr 18, 2013 at 8:45 AM, Gaurav Dasgupta <[email protected]> >>> wrote: >>> >>> > Hi All, >>> > >>> > I have MIT Kerberos setup in a CentOS 6 cluster. Everything is working >>> fine >>> > except one thing. I want to change the default ticket life for all the >>> > principals and their renewal time also. For that I have first changed >>> the * >>> > /etc/krb5.conf* to change the value of *ticket_lifetime = 7d* and >>> > *renew_lifetime >>> > = 30d*. >>> > >>> > Then I restarted the *krb5kdc* and *kadmin* services. Then, from the * >>> > Kadmin.local* shell, I used the following commands: >>> > >>> > modprinc -maxrenewlife 7day krbtgt/MY_REALM >>> > modprinc -maxrenewlife 7day +allow_renewable gaurav >>> > >>> > *Note*: *krbtgt/MY_REALM* is the default service principal and >>> *gaurav* is >>> > a user principal. >>> > >>> > Now, when I am doing *kinit* for *gaurav*, and then *klist* to check >>> the >>> > ticket details, I cannot see the new ticket_lifetime and renew_lifetime >>> > reflected. Its showing the old (default) values of 24h >>> (ticket_lifetime) >>> > and 7d (renew_lifetime). >>> > >>> > I have also tried the command: *kinit -l 7d*. But this is also not >>> working. >>> > >>> > Can someone tell me that how else I can change the ticket_lifetime and >>> > renew_lifetime for all the principals? >>> > >>> > Thanks, >>> > Gaurav >>> > ________________________________________________ >>> > Kerberos mailing list [email protected] >>> > https://mailman.mit.edu/mailman/listinfo/kerberos >>> > >>> ________________________________________________ >>> Kerberos mailing list [email protected] >>> https://mailman.mit.edu/mailman/listinfo/kerberos >>> >> >> > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
