[OpenAFS] OpenAFS + Kerb5: lifetimes

Russ Allbery rra@stanford.edu
Thu, 12 Jul 2007 14:48:13 -0700


Jeff Blaine <jblaine@kickflop.net> writes:

> ticket_lifetime = 2d in [libdefaults] of krb5.conf buys me nothing.
> ticket_lifetime is not a documented option for [libdefaults] according
> to the official MIT docs.

It's not a documented option, but the code uses it.

> ticket_lifetime=2d as an option to pam_krb5RA.so buys me nothing.

Okay, your KDC is actually refusing to provide tickets of a lifetime
longer than 1 day, then.

What's the maximum ticket lifetime listed in your kdc.conf?

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>