[OpenAFS] token lifetime

Jeffrey Altman jaltman@secure-endpoints.com
Fri, 06 Jul 2012 04:08:18 -0400





On Friday, July 06, 2012 3:31:08 AM, Jayen Ashar wrote:
> How can I do a life of unlimited (with krb5)?  I made the
> modifications to the kdc.conf file so max_life and max_renewable_life
> are both "0d".  I set the lifetime on all the principals in the krb5
> database and changed the configuration of pam_krb5afs in the krb5.conf
> file to reflect these changes.  I can see the afs service ticket and
> token expire on 03:14:07 UTC on Tuesday, 19 January 2038 (which I
> assume represents "unlimited").  The openafs server is, however,
> rejecting the token outright.

The code in question is tkt_DecodeTicket5() in src/rxkad/ticket5.c and
tkt_CheckTimes() in src/rxkad/ticket.c. If the 'end' value is not
exactly NEVERDATE (0xFFFFFFFF) and 'end' - 'start' is greater than
30 days, the token will be rejected.
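
The lifetime rule described in the reply above, as an added example that is not part of the original message and is not the OpenAFS source. The names `check_lifetime` and `lifetime_verdict` are hypothetical, the start time is a constructed sample, and the handling of an inverted interval is an assumption; only the rule stated in the message is modeled.

```c
#include <stdint.h>
#include <stdio.h>

#define NEVERDATE        0xFFFFFFFFu              /* value quoted in the message */
#define MAX_LIFETIME_SEC (30u * 24u * 60u * 60u)  /* the 30-day limit from the message */
#define Y2038_END        0x7FFFFFFFu              /* 03:14:07 UTC, 19 January 2038 */

/* Hypothetical verdicts for this sketch (not OpenAFS return codes). */
enum lifetime_verdict {
    ACCEPT_NEVER,      /* end is exactly NEVERDATE */
    ACCEPT_BOUNDED,    /* end - start is within 30 days */
    REJECT_TOO_LONG,   /* end - start exceeds 30 days */
    REJECT_INVERTED    /* assumption: end before start is refused */
};

/* Applies the rule from the message: a ticket whose end is not exactly
 * NEVERDATE and whose lifetime exceeds 30 days is rejected. */
enum lifetime_verdict check_lifetime(uint32_t start, uint32_t end)
{
    if (end == NEVERDATE)
        return ACCEPT_NEVER;
    if (end < start)
        return REJECT_INVERTED;
    if (end - start > MAX_LIFETIME_SEC)
        return REJECT_TOO_LONG;
    return ACCEPT_BOUNDED;
}

int main(void)
{
    /* Constructed sample: 2012-07-06 00:00:00 UTC as the ticket start. */
    uint32_t start = 1341532800u;
    static const char *names[] = {
        "accept (never expires)", "accept (bounded)",
        "reject (longer than 30 days)", "reject (end before start)"
    };
    uint32_t ends[] = { Y2038_END, NEVERDATE, start + MAX_LIFETIME_SEC };

    for (size_t i = 0; i < sizeof ends / sizeof ends[0]; i++)
        printf("end=0x%08X -> %s\n", (unsigned)ends[i],
               names[check_lifetime(start, ends[i])]);
    return 0;
}
```

The 2038 end time seen in the original question is 0x7FFFFFFF, not 0xFFFFFFFF, so under this rule it is treated as an ordinary lifetime of roughly 25 years and falls on the rejected side.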





