[OpenAFS] OpenAFS + Kerb5: lifetimes
Jeff Blaine
jblaine@kickflop.net
Thu, 12 Jul 2007 17:01:48 -0400
I spoke way too soon.
One of them was off.
They're all three set to "2 days" now as a test and I still only
get tickets and tokens for 24hrs.
Jeffrey Altman wrote:
> Jeff Blaine wrote:
>> I'm using OpenAFS 1.4.3, pam_afs_session, and pam_krb5 from
>> Russ Alberry. Can anyone shed light on why my tickets and
>> tokens have only a 24hr lifetime?
>>
>> kadmin.local: getprinc jblaine
>> Principal: jblaine@RCF.MITRE.ORG
>> Expiration date: [never]
>> Last password change: Mon Apr 23 14:50:16 EDT 2007
>> Password expiration date: [none]
>> Maximum ticket life: 7 days 00:00:00
>> Maximum renewable life: 0 days 00:00:00
>> Last modified: Tue May 01 14:32:01 EDT 2007 (root/admin@RCF.MITRE.ORG)
>> Last successful authentication: [never]
>> Last failed authentication: [never]
>> Failed password attempts: 0
>> Number of keys: 2
>> Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
>> Key: vno 1, DES cbc mode with CRC-32, no salt
>> Attributes:
>> Policy: [none]
>> kadmin.local:
>
> What are the maximum ticket lifetimes for your
> krbtgt/RCF.MITRE.ORG@RCF.MITRE.ORG and afs[/cell]@RCF@MITRE.ORG
> principals?
>
> The maximum lifetime is the minimum of the user, tgt and service principals.
>
> Jeffrey Altman