Hi Gaurav, I have received great help from this mailing list for the same issue. I think you'll find useful information in this topic: http://serverfault.com/questions/132123/how-to-change-the-kerberos-default-ticket-lifetime
Best regards, Tiago On Thu, Apr 18, 2013 at 8:45 AM, Gaurav Dasgupta <gdsay...@gmail.com> wrote: > Hi All, > > I have MIT Kerberos setup in a CentOS 6 cluster. Everything is working fine > except one thing. I want to change the default ticket life for all the > principals and their renewal time also. For that I have first changed the * > /etc/krb5.conf* to change the value of *ticket_lifetime = 7d* and > *renew_lifetime > = 30d*. > > Then I restarted the *krb5kdc* and *kadmin* services. Then, from the * > Kadmin.local* shell, I used the following commands: > > modprinc -maxrenewlife 7day krbtgt/MY_REALM > modprinc -maxrenewlife 7day +allow_renewable gaurav > > *Note*: *krbtgt/MY_REALM* is the default service principal and *gaurav* is > a user principal. > > Now, when I am doing *kinit* for *gaurav*, and then *klist* to check the > ticket details, I cannot see the new ticket_lifetime and renew_lifetime > reflected. Its showing the old (default) values of 24h (ticket_lifetime) > and 7d (renew_lifetime). > > I have also tried the command: *kinit -l 7d*. But this is also not working. > > Can someone tell me that how else I can change the ticket_lifetime and > renew_lifetime for all the principals? > > Thanks, > Gaurav > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
