| Enlarging the maximum renewable lifetime | ||
|---|---|---|
 | Renewal of Kerberos tickets |  |
| Enlarging the maximum renewable lifetime | ||
|---|---|---|
| | Renewal of Kerberos tickets | |
The max renewable lifetime for the default user in our realm is set to a week.
Let's make it a year:
Allowing year-long renewable tickets on the server
kadmin> get default@MY.REALM
Principal: default@MY.REALM
<snip>
Max ticket life: 1 day
Max renewable life: 1 week
<snip>
Aliases:
kadmin> modify default@MY.REALM
Max ticket life [1 day]:
Max renewable life [1 week]:1year
<snip>
kadmin> get default@RUG.NL
Principal: default@MY.REALM
<snip>
Max ticket life: 1 day
Max renewable life: 1 year
<snip>
kadmin>
![[Note]](http://jurjenbokma.com/ApprenticesNotes/images/admon/note.png) | Note |
|---|---|
Note that this affects only new principals, and that it should be done for all principals. |
Asking for year-long renewable tickets on the client
In /etc/krb5.conf on the client, put:
<snip>
[appdefaults]
forwardable = true
pam = {
minimum_uid = 1000000
renew_lifetime=365d 
MY.REALM = {
ignore_k5login = true
debug = true
}
}
<snip>
Test login
admin@bosshost:~$ ssh user@host
<snip>
user@host:~$ klist -v
<snip>
Auth time: Mar 17 11:36:51 2011
End time: Mar 17 21:36:51 2011
Renew till: Mar 16 11:36:51 2012
<snip>
| |  | |
| Renewal of Kerberos tickets |  | Automatically renewing tickets |