[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Miscellaneous questions regarding krb5.conf?

To: jay alvarez <kerber0sb0y@yahoo.com>
Subject: Re: Miscellaneous questions regarding krb5.conf?
From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
Date: Wed, 14 Dec 2005 23:09:37 -0500
Cc: heimdal-discuss@sics.se
In-Reply-To: <20051215034900.26691.qmail@web32607.mail.mud.yahoo.com>
References: <20051215034900.26691.qmail@web32607.mail.mud.yahoo.com>
Sender: owner-heimdal-discuss@sics.se


On Dec 14, 2005, at 10:49 , jay alvarez wrote:

> 3. perhaps the krb5.conf manual should indicate which sections/ 
> bindings is for a client and which is for a server. When I kinit  
> from a machine with a lifetime of "10 hours" (kinit -l "10 hours"  
> myusername@OUR.REALM) I got a ticket with a ten hours lifetime even  
> if the "ticket_lifetime" in the [libdefaults] section of the kdc's  
> krb5.conf is set to only 8 hours as well as in the clients krb5.conf.

Er?  The default "ticket_lifetime" is just that, a default lifetime  
used if the client doesn't specify one.  If you want to clamp it then  
you need to specify a maximum lifetime, not a default.

-- 
brandon s. allbery     [linux,solaris,freebsd,perl]       
allbery@kf8nh.com
system administrator  [openafs,heimdal,too many hats]   
allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon university       
KF8NH

References:
- Miscellaneous questions regarding krb5.conf?
  - From: jay alvarez <kerber0sb0y@yahoo.com>

Prev by Date: Miscellaneous questions regarding krb5.conf?
Next by Date: Re: Using John the Ripper with Heimdal
Prev by thread: Miscellaneous questions regarding krb5.conf?
Next by thread: Re: Miscellaneous questions regarding krb5.conf?
Index(es):
- Date
- Thread