Hello,
I'm having trouble with setting the renewal time for the this kerberos
installation, and I would like to ask for help.
The problem is, however i acquire the tickets, I'm getting a renew-until
time matching the valid-starting field:
Valid starting Expires Service principal
02/10/15 10:16:15 02/10/15 16:16:15 krbtgt/REALM@REALM
renew until 02/10/15 10:16:15, Flags: FRI
So far what I've set:
1) in /etc/krb5.conf:
max_renewable_life = 7d 0h 0m 0s
into the [realm]/ REALM section
AND:
renew_lifetime = 3d
in [libdefaults]
2) kdc.conf:
max_renewable_life = 7d 0h 0m 0s
into [realms] / REALM
3) modprinc -maxnrenewlife "7 days" $principal
4) tkt policy with krb5_ldap_util:
kdb5_ldap_util ... create_policy -r REALM -maxtktlife "1 day"
-maxrenewlife "7 days" +allow_renewable" deftktpolicy
and adding it to the principal:
modprinc -x tktpolicy=deftktpolicy $principal
5) setting allow_renewable for the principal:
modpol +allow_renewable $principal
I'm on CentOS6 with the following krb version:
krb5-server-1.10.3-33.el6.x86_64
krb5-server-ldap-1.10.3-33.el6.x86_64
Anyone has any idea why I'm not getting a proper renew-until timestamp
for the acquired tickets? I'm running out of ideas and googling what
might be wrong here.
Thanks in advance.
Regards,
Gergely
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
