[OpenAFS] OpenAFS + Kerb5: lifetimes

Thu, 12 Jul 2007 13:28:45 -0700

Jeff Blaine <jblaine@kickflop.net> writes:

> I'm using OpenAFS 1.4.3, pam_afs_session, and pam_krb5 from Russ
> Alberry.  Can anyone shed light on why my tickets and tokens have only a
> 24hr lifetime?

Because the Kerberos libraries hard-code a 24 hour lifetime unless you
configure something else.  You can either set ticket_lifetime in
[libdefaults] in krb5.conf or you can set ticket_lifetime as a pam_krb5
option in [appdefaults] or in the PAM configuration.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>