[rhn-users] kerberos server : life time ticket problem

[Frederic Medery <dist-list LEXUM UMontreal CA>]

Hello,
Server : RHEL v3
I create the krb5 srv with settings below

Here my krb5.conf
(...)
pam = {
  debug = false
  ticket_lifetime = 7d 0h 0m 0s
  renew_lifetime = 10d 0h 0m 0s
  forwardable = true
  krb4_convert = false
}

my kdc.conf
(...)
[realms]
MYREALM = {
 max_life = 7d 0h 0m 0s
 max_renewable_life = 10d 0h 0m 0s
(...)

and my getprinc
(...)
Last password change: Mon Dec 06 10:17:23 EST 2004
Password expiration date: Tue Apr 05 11:17:23 EDT 2005
Maximum ticket life: 7 days 00:00:00
Maximum renewable life: 10 days 00:00:00


BUT, on ma station : kinit user and then klist :
Valid starting     Expires            Service principal
12/07/04 10:17:36  12/08/04 10:17:36  krbtgt/MYREALM MYREALM
12/07/04 10:18:02  12/08/04 10:17:36  ldap/ldap domain com MYREALM

And no way to renew ticket

of course, if a use kinit -r "4d" -l "2d" and then klist :
Valid starting     Expires            Service principal
12/07/04 10:19:49  12/09/04 10:19:49  krbtgt/MYREALM MYREALM
       renew until 12/11/04 10:19:49
12/07/04 10:20:20  12/09/04 10:19:49  ldap/ldap domain com MYREALM
       renew until 12/11/04 10:19:49

I thought that kinit would take my default in krb5.conf.

Did I miss something ? is there a prob via redhat RPM ?


Thanks !!

FM


--
Frederic Medery
System Administrator

LexUM, University of Montreal