[rhn-users] kerberos server : life time ticket problem
Frederic Medery
dist-list at LEXUM.UMontreal.CA
Tue Dec 7 15:22:13 UTC 2004
Hello,
Server : RHEL v3
I create the krb5 srv with settings below
Here my krb5.conf
(...)
pam = {
debug = false
ticket_lifetime = 7d 0h 0m 0s
renew_lifetime = 10d 0h 0m 0s
forwardable = true
krb4_convert = false
}
my kdc.conf
(...)
[realms]
MYREALM = {
max_life = 7d 0h 0m 0s
max_renewable_life = 10d 0h 0m 0s
(...)
and my getprinc
(...)
Last password change: Mon Dec 06 10:17:23 EST 2004
Password expiration date: Tue Apr 05 11:17:23 EDT 2005
Maximum ticket life: 7 days 00:00:00
Maximum renewable life: 10 days 00:00:00
BUT, on ma station : kinit user and then klist :
Valid starting Expires Service principal
12/07/04 10:17:36 12/08/04 10:17:36 krbtgt/MYREALM at MYREALM
12/07/04 10:18:02 12/08/04 10:17:36 ldap/ldap.domain.com at MYREALM
And no way to renew ticket
of course, if a use kinit -r "4d" -l "2d" and then klist :
Valid starting Expires Service principal
12/07/04 10:19:49 12/09/04 10:19:49 krbtgt/MYREALM at MYREALM
renew until 12/11/04 10:19:49
12/07/04 10:20:20 12/09/04 10:19:49 ldap/ldap.domain.com at MYREALM
renew until 12/11/04 10:19:49
I thought that kinit would take my default in krb5.conf.
Did I miss something ? is there a prob via redhat RPM ?
Thanks !!
FM
--
Frederic Medery
System Administrator
LexUM, University of Montreal
More information about the rhn-users
mailing list