[OpenAFS] token lifetime
Jayen Ashar
jayen@science.unsw.edu.au
Fri, 6 Jul 2012 17:31:08 +1000
On Sun, Jul 13, 2003 at 5:26 AM, Derrick J Brashear <shadow@dementia.org> wrote:
> On Sat, 12 Jul 2003, Richard Wallace wrote:
>
>> Since it is a home network I wanted to lengthen the lifetime of the krb5
>> tickets and afs tokens. Just to have a nice round number, I went with a
>> year for now. I made the modifications to the kdc.conf file so max_life
>> and max_renewable_life are both "365d 0h 0m 0s". I set the lifetime on
>> all the principals in the krb5 database and changed the configuration of
>> pam_krb5afs in the krb5.conf file to reflect these changes.
>
> krb4 with the afs lifetime extensions can do a life of up to 30 days, or
> unlimited. nothing in between. plus, translating something which is that
> long may not work the way you expect, anyway.
How can I do a life of unlimited (with krb5)? I made the
modifications to the kdc.conf file so max_life and max_renewable_life
are both "0d". I set the lifetime on all the principals in the krb5
database and changed the configuration of pam_krb5afs in the krb5.conf
file to reflect these changes. I can see the afs service ticket and
token expire on 03:14:07 UTC on Tuesday, 19 January 2038 (which I
assume represents "unlimited"). The openafs server is, however,
rejecting the token outright.
Thanks,
Jayen
>>
>> Its seems the afs token has a max life of a month, but I haven't found
>> anywhere that this is set. Any ideas?
>
> the variable used to represent the life doesn't go any higher than that.