rpc.gssd and the ticket lifetime

[Mike Eisler]

> -----Original Message-----
> From: Stanis Trendelenburg 
> [mailto:stanis.trendelenburg at imtek.uni-freiburg.de] 
> Sent: Wednesday, June 27, 2007 8:30 AM
> To: nfsv4 at linux-nfs.org
> Subject: rpc.gssd and the ticket lifetime

> Now I have increased the ticket_lifetime and renew_lifetime of the
TGT
> in /etc/krb5.conf to 7 days, like this (on the client):
> 
> [appdefaults]
>      pam = {
>          ticket_lifetime = 604800
>          renew_lifetime = 604800
>          forwardable = true
>          proxiable = false
>          minimum_uid = 1000
>          use_shmem = sshd
>      }
> 
> When I log in now, 'klist -5' shows me that I have a TGT that 
> is valid 
> for 7 days and can be renewed for 7 days, and an NFS service 
> ticket that 
> can also be renewed for 7 days, but is only valid for 24 hours.

The KDC is probably limiting the ticket lifetime. You'll
need to play with kdc.conf and krb5.conf on the KDC, as well as
the principal's attributes.

  http://www.faqs.org/faqs/kerberos-faq/general/section-38.html





> 
> Since I did only change the lifetime settings in the 'pam' section, I
> suppose rpc.gssd uses the renew_lifetime value of the TGT when
> requesting the NFS ticket. But then why does it still use the default

> value for the ticket_lifetime?
> 
> Regards,
> Stanis
> 
> -- 
> Stanis Trendelenburg          
> stanis.trendelenburg at imtek.uni-freiburg.de
> Chair of Microelectronics
> University of Freiburg, Department of Microsystem Engineering (IMTEK)
> Georges-Koehler-Allee 102, 79110 Freiburg, Germany
> _______________________________________________
> NFSv4 mailing list
> NFSv4 at linux-nfs.org
> http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4
>