[OpenAFS] Token Lifetime

[J]

Hi.

Wondering if someone can help me with changing the default token lifetime of an identity, or the default for all identities.

I read on the OpenAFS site that the default afs entry is 100 hours, the default krbtgt.cellname entry is 720 hours (30 days), and the default entry for the user is 25 hours.

But in Network Identity Manager, my token lifetime appears to be 10 hours, that's by default before I make any changes.

Now oddly, after I changed:

1. modprinc -maxlife 25 hours (principal)

and

2. "ticket_lifetime = 25hrs" in /etc/krb5kdc/kdc.conf

The token lifetime still shows 10 hours when I log in, but the elapsed time does not seem to reflect this actual time.  So, I'll see 9 hours 50 minutes, and then a few hours later it will read "9 hours 10 minutes", for example.

Just wondering if someone can tell me exactly what needs to be changed to alter both the Kerberos and AFS ticket/token lifetime.

Thanks.

John