Yes, you are right. But In my case I used compilation from source code. But at the moment of realm creation the limit 10h was in my kdc.conf. So this limit was copied to principal krbtgt.
2016-08-02 22:56 GMT+03:00 Benjamin Kaduk <ka...@mit.edu>: > On Mon, 1 Aug 2016, Greg Hudson wrote: > > > On 08/01/2016 04:29 AM, Александр Баранин wrote: > > > I use mit kerberos, version krb5-1.14.2, compiled from source. > > > And I can't to force kdc to issue tickets for more than 10 hours. > > > > In addition to the realm setting, the client and server entries in the > > KDC database can also have a max_life value. Using "getprinc" in > > kadmin, look at the "Maximum ticket life" on the user principal and on > > krbtgt/ALFA.IT. Are either of them ten hours? If so, you can change > > them with "modprinc -maxlife". > > (It looks like this is on a Debian system, so I'll note that the debian > krb5-kdc package will create a kdc.conf that has max_life 10 hours on > first installation. So, principals created when such a kdc.conf was in > place would be affected by it.) > > -Ben ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
