[OpenAFS] OpenAFS + Kerb5: lifetimes
Derrick J Brashear
shadow@dementia.org
Thu, 12 Jul 2007 17:08:24 -0400 (EDT)
On Thu, 12 Jul 2007, Russ Allbery wrote:
> Jeff Blaine <jblaine@kickflop.net> writes:
>
>> I'm using OpenAFS 1.4.3, pam_afs_session, and pam_krb5 from Russ
>> Alberry. Can anyone shed light on why my tickets and tokens have only a
>> 24hr lifetime?
>
> Because the Kerberos libraries hard-code a 24 hour lifetime unless you
> configure something else. You can either set ticket_lifetime in
> [libdefaults] in krb5.conf or you can set ticket_lifetime as a pam_krb5
> option in [appdefaults] or in the PAM configuration.
>
if this still fails, try the kinit... i really do want to know if simply
specifying a 7 day lifetime on the command line does what you want
oh right. heimdal or mit on the client?