Hello,

I would appreciate your advice on what is the best way to set default
kerberos 5 ticket lifetime
and what are the necessary configuration in the server and the client side.

I tried the following configuration but it didn't seems to work:

Server Side

1) The file kdc.conf -

I set "max_life = 168h 0m 0s" under the [realms] section.

2) I have also modified the principal and set its maxlife option as follows

> kadmin.local

Attempting to bind to one or more LDAP servers. This may take a
while...
kadmin.local: modify_principal -maxlife 168hours test@REALM
Principal "test@REALM" modified.
kadmin.local: getprinc test@REALM
Principal: test@REALM
Expiration date: [never]
Last password change: Thu Nov 15 13:53:50 IST 2007
Password expiration date: Wed Feb 13 13:53:50 IST 2008
Maximum ticket life: 7 days 00:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Thu Nov 15 15:32:10 IST 2007
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 4
Key: vno 4, Triple DES cbc mode with HMAC/sha1,
no salt
Key: vno 4, ArcFour with HMAC/md5,
no salt
Key: vno 4, AES-256 CTS mode with 96-bit SHA-1 HMAC,
no salt
Key: vno 4, DES cbc mode with RSA-MD5,
no salt

Attributes:
REQUIRES_PRE_AUTH
Policy: default

Linux Client Side:

No special configuration here


Thank you in advance,

Ido Levy
IBM R&D Labs in Israel