Re: [OpenAFS] token lifetime
Thu, 29 Jun 2006 12:44:06 -0400
On 6/29/06, Ken Hornstein <email@example.com> wrote:
> >I am not using kerberos (yet), so I have to set it with kas.
> >Can it be set to never expire ? or is the maximum lifetime 720 hours ?
> Just as a note ... if you set you tickets to never expire (which I don't
> think is possible with the current code), you're just asking to be 0wned.
> Just my $0.02.
What he said.
You set things in ka with "kas setfields" [or just type "kas", hit
return, and use it interactively, similarly to kadmin].
Using KAS means you're using K4, which is very insecure. Using an
insecure authentication mechanism with long lasting tickets is a good
way to get your whole cell comprimised.
I think you'll find few people here are going to give you advice on
how to set yourself up for a disaster.