AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.

 View Only

  • 1.  kerberos extending default ticket life

    Posted Thu September 17, 2009 11:31 AM

    Originally posted by: SystemAdmin


    Hello

    On 5.3 running kerberos ( filesets 1.4.0.8 )
    Trying to extend the default ticket life from 24 hrs to 5 days like so:
    libdefaults
    ticket_lifetime = 5d
    ...
    However this seems to have no effect when I get a new ticket, it stays at the default 24 hours. The change in krb5.conf only seems to work if I lower the ticket life from 24 hours and below.
    The doco release for 1.4.0.8, suggests this entry should work.
    Any pointers ?

    Thanks for nay help


  • 2.  Re: kerberos extending default ticket life

    Posted Thu September 17, 2009 02:19 PM

    Originally posted by: kappa


    there are known apars with it.

    try to fix: bos.rte.security
    try to override: kinit -l <lifetime> -r <renewable_life> krb_user


  • 3.  Re: kerberos extending default ticket life

    Posted Mon June 07, 2010 11:43 PM

    Originally posted by: rsandeep


    With the latest release of IBM NAS 1.5 , it should work.

    you may also try
    ticket_lifetime = 120h


  • 4.  Re: kerberos extending default ticket life

    Posted Sun June 13, 2010 11:31 PM

    Originally posted by: rsandeep


    One thing to keep in mind when you change the ticket lifetime ( which I think you may have missed)
    • Changing the krb5.conf file will only make the ticket being requested from that machine limited to the timeframe given. But you will have to check on the Kerberos Server the credential expiry time that is set by the kerberos admin. That will generally supersede the client settings. Use the kadmin interface to check on those settings.


Related Content