[OpenAFS] How to increase default afs ticket expiration?
J. Maynard Gelinas
gelinas@lns.mit.edu
Fri, 15 Mar 2002 11:09:05 -0500 (EST)
Hi,
I'm currently running a test cell and would like to increase the default
afs ticket length from 12 to 24 hours. We're using MIT Kerberos 5 with
openafs-1.2.3 on Debian servers and Redhat-7.2 clients. I've got the KDC
configured to generate 24 hour TGTs and all principals in the Kerberos
database are set with a maxlife of above 24 hours. The pam_krb5afs.so is
set with a ticket_lifetime=86000 (seconds) for 24 hours in the auth
stanza... so, when a user logs in (s)he gets a 24 hour TGT, a 22 hour V4
conversion of the TGT why only 22 hours?), and an afs ticket of 12 hours:
Default principal: gelinas@LNS.MIT.EDU
Valid starting Expires Service principal
03/15/02 10:52:30 03/16/02 10:45:48 krbtgt/LNS.MIT.EDU@LNS.MIT.EDU
renew until 03/16/02 10:45:48
Kerberos 4 ticket cache: /tmp/tkt1126_WCqcDv
Principal: gelinas@LNS.MIT.EDU
Issued Expires Principal
03/15/02 10:52:30 03/16/02 08:07:30 krbtgt.LNS.MIT.EDU@LNS.MIT.EDU
03/15/02 10:52:29 03/15/02 22:37:29 afs@LNS.MIT.EDU
the afs principal is set to a maxlife of 24 hours as well. So, does
anyone know how I can force a new afs ticket length on login?
Thanks!
--Maynard