[OpenAFS] OpenAFS + Kerb5: lifetimes

Jeff Blaine jblaine@kickflop.net
Thu, 12 Jul 2007 17:10:43 -0400 

Seeing Russ's response now that I got the digest email,
but FWIW:

~:rcf-kerbtest-linux> /usr/kerberos/bin/kinit -l7d
Password for jblaine@RCF.MITRE.ORG:

...

Valid starting     Expires            Service principal
07/12/07 17:04:54  07/13/07 17:04:54  krbtgt/RCF.MITRE.ORG@RCF.MITRE.ORG
         renew until 07/12/07 17:04:54

...

~:rcf-kerbtest-linux> /usr/afsws/bin/aklog
~:rcf-kerbtest-linux> tokens

Tokens held by the Cache Manager:

User's (AFS ID 26560) tokens for afs@rcf.mitre.org [Expires Jul 13 17:04]
    --End of list--
~:rcf-kerbtest-linux>

Derrick J Brashear wrote:
> kinit -l7d ?
> 
> On Thu, 12 Jul 2007, Jeff Blaine wrote:
> 
>> I spoke way too soon.
>>
>> One of them was off.
>>
>> They're all three set to "2 days" now as a test and I still only
>> get tickets and tokens for 24hrs.
>>
>> Jeffrey Altman wrote:
>>> Jeff Blaine wrote:
>>>> I'm using OpenAFS 1.4.3, pam_afs_session, and pam_krb5 from
>>>> Russ Alberry.  Can anyone shed light on why my tickets and
>>>> tokens have only a 24hr lifetime?
>>>>
>>>> kadmin.local:  getprinc jblaine
>>>> Principal: jblaine@RCF.MITRE.ORG
>>>> Expiration date: [never]
>>>> Last password change: Mon Apr 23 14:50:16 EDT 2007
>>>> Password expiration date: [none]
>>>> Maximum ticket life: 7 days 00:00:00
>>>> Maximum renewable life: 0 days 00:00:00
>>>> Last modified: Tue May 01 14:32:01 EDT 2007 (root/admin@RCF.MITRE.ORG)
>>>> Last successful authentication: [never]
>>>> Last failed authentication: [never]
>>>> Failed password attempts: 0
>>>> Number of keys: 2
>>>> Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
>>>> Key: vno 1, DES cbc mode with CRC-32, no salt
>>>> Attributes:
>>>> Policy: [none]
>>>> kadmin.local:
>>>
>>> What are the maximum ticket lifetimes for your
>>> krbtgt/RCF.MITRE.ORG@RCF.MITRE.ORG and afs[/cell]@RCF@MITRE.ORG
>>> principals?
>>>
>>> The maximum lifetime is the minimum of the user, tgt and service 
>>> principals.
>>>
>>> Jeffrey Altman
>> _______________________________________________
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
>>
>