From: Qing Chang (qchang@sten.sunnybrook.utoronto.ca)
Date: Tue May 22 2007 - 11:21:00 EDT
Hello Managers,
The system has Solaris 10 with Kerberos patch 120469-07 installed.
We've configured Sun's Kerberos on this solaris 10
box. Everything seams work straight, crating database, creating
principles etc..
But the KDC ignores quite a few options in kdc.conf file, including:
max_life = 12h 0m 0s
max_renewable_life = 7d 0h 0m 0s
default_principal_flags = +forwardable
Not matter how I set these options, I _always_ get these for principles:
Maximum ticket life: 24855 days 03:14:07
Maximum renewable life: 24855 days 03:14:07
Attributes:
It seams Sun has some defaults set and are unchangeable.
The gkadmin GUI utility shows the two life period exactly
as the above number. If you change and save the changes, next
time you run gkadmin, the old values come back.
Has anyone seen the same behavior? And how to fix it?
MIT Kerberos works fine in this regard, but to utilize Sun's PAM
migration module for our existing user base (900 users), I need
to run Sun's at least when we are migrating users.
Applying the patch 120469-07 did not fix the problem.
TIA, will summarize,
Qing
-- ------------------ Qing Chang Senior Systems Administrator S-620 Research Computing Sunnybrook Health Sciences Centre 2075 Bayview Ave. Toronto, Ontario, M4N 3M5 (416) 480-6100 x3263 qchang@sri.utoronto.ca ------------------ _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:41:59 EDT