Hi Greg, you are right - this seems to be the reason for the failing. Thank you very much for pointing me to this! I cannot explain why it did not hit me before the change to LDAP BE ... at least it works now. Thank you very much for that!
I also got an answer by Mark Pröhl, the author of the mentioned book, aside from this list. He pointed me to the Errata of his book, located at http://www.kerberos-buch.de/errata.html . These issues are already pointed there. So thanks everybody for noticing. Best regards, Marc Richter Am 19.02.2015 um 16:55 schrieb Greg Hudson: > On 02/19/2015 10:16 AM, Marc Richter wrote: >> kinit: Invalid format of Kerberos lifetime or clock skew string while >> getting initial credentials > > I believe that error results from these lines in krb5.conf: > > ticket_lifetime = 10 hours > renew_lifetime = 7 days > > These should be "10h" and "7d", as documented in: > http://web.mit.edu/kerberos/krb5-latest/doc/basic/date_format.html#time-duration > > This error originates in the client, and should happen consistently > regardless of whether you are using the DB2 or LDAP KDB modules on the KDC. > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
