[OpenAFS] OpenAFS + Kerb5: lifetimes

Jeff Blaine jblaine@kickflop.net
Thu, 12 Jul 2007 17:01:48 -0400


I spoke way too soon.

One of them was off.

They're all three set to "2 days" now as a test and I still only
get tickets and tokens for 24hrs.

Jeffrey Altman wrote:
> Jeff Blaine wrote:
>> I'm using OpenAFS 1.4.3, pam_afs_session, and pam_krb5 from
>> Russ Alberry.  Can anyone shed light on why my tickets and
>> tokens have only a 24hr lifetime?
>>
>> kadmin.local:  getprinc jblaine
>> Principal: jblaine@RCF.MITRE.ORG
>> Expiration date: [never]
>> Last password change: Mon Apr 23 14:50:16 EDT 2007
>> Password expiration date: [none]
>> Maximum ticket life: 7 days 00:00:00
>> Maximum renewable life: 0 days 00:00:00
>> Last modified: Tue May 01 14:32:01 EDT 2007 (root/admin@RCF.MITRE.ORG)
>> Last successful authentication: [never]
>> Last failed authentication: [never]
>> Failed password attempts: 0
>> Number of keys: 2
>> Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
>> Key: vno 1, DES cbc mode with CRC-32, no salt
>> Attributes:
>> Policy: [none]
>> kadmin.local:
> 
> What are the maximum ticket lifetimes for your
> krbtgt/RCF.MITRE.ORG@RCF.MITRE.ORG and afs[/cell]@RCF@MITRE.ORG
> principals?
> 
> The maximum lifetime is the minimum of the user, tgt and service principals.
> 
> Jeffrey Altman