Enlarging the maximum renewable lifetime

The max renewable lifetime for the default user in our realm is set to a week. Let's make it a year:

  1. kadmin> get default@MY.REALM
             Principal: default@MY.REALM
    <snip>
       Max ticket life: 1 day
    Max renewable life: 1 week
    <snip>
               Aliases: 

    kadmin> modify default@MY.REALM
    Max ticket life [1 day]:
    Max renewable life [1 week]:1year
    <snip>
    kadmin> get default@MY.REALM
             Principal: default@MY.REALM
    <snip>
       Max ticket life: 1 day
    Max renewable life: 1 year
    <snip>

    kadmin>

    Note

    Changing the default principal affects only principals created afterwards; existing principals keep their current settings, so the same change should be made for each of them.

  2. In /etc/krb5.conf on the client, put:

    <snip>
    [appdefaults]
    forwardable = true
    pam = {
            minimum_uid = 1000000
            renew_lifetime=365d
            MY.REALM = {
                      ignore_k5login = true
                      debug = true
                     }
          }
    <snip>

    The renew_lifetime line is the one that matters.

  3. admin@bosshost:~$ ssh user@host
    <snip>
    user@host:~$ klist -v
    <snip>
    Auth time:  Mar 17 11:36:51 2011
    End time:   Mar 17 21:36:51 2011
    Renew till: Mar 16 11:36:51 2012
    <snip>
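
To check the result of step 3 without doing the date arithmetic by hand, the following added example (not part of the original page) parses the three timestamp lines of the klist -v output and compares the renewable window with the 365d requested in krb5.conf. The function names are hypothetical, and it assumes the window is measured from "Auth time" and that a missing "Renew till" line means the ticket is not renewable.

```python
from datetime import datetime, timedelta
import re

# The three timestamp lines from the klist -v output shown in step 3.
SAMPLE_KLIST = """\
Auth time:  Mar 17 11:36:51 2011
End time:   Mar 17 21:36:51 2011
Renew till: Mar 16 11:36:51 2012
"""

FIELD = re.compile(r"^[ \t]*(Auth time|End time|Renew till):[ \t]+(.+?)[ \t]*$", re.M)
TIME_FORMAT = "%b %d %H:%M:%S %Y"  # e.g. "Mar 17 11:36:51 2011"


def parse_ticket_times(klist_text):
    """Return {'Auth time': datetime, ...} for the first ticket in the text."""
    times = {}
    for name, value in FIELD.findall(klist_text):
        # setdefault keeps the first ticket when several are listed.
        times.setdefault(name, datetime.strptime(value, TIME_FORMAT))
    return times


def renewable_window(klist_text):
    """Return (ticket_life, renewable_life) as timedeltas.

    renewable_life is None when there is no 'Renew till' line
    (assumption: such a ticket is not renewable).
    """
    t = parse_ticket_times(klist_text)
    if "Auth time" not in t or "End time" not in t:
        raise ValueError("no ticket timestamps found in klist output")
    ticket_life = t["End time"] - t["Auth time"]
    renew = t.get("Renew till")
    return ticket_life, (renew - t["Auth time"]) if renew else None


def check_renewable(klist_text, expected=timedelta(days=365)):
    """True when the ticket's renewable window equals the expected value."""
    _, renewable = renewable_window(klist_text)
    return renewable is not None and renewable == expected


if __name__ == "__main__":
    life, renewable = renewable_window(SAMPLE_KLIST)
    print("ticket life:", life, "| renewable for:", renewable)
    print("matches renew_lifetime=365d:", check_renewable(SAMPLE_KLIST))
```

A renewable window shorter than expected usually means one of the two settings from steps 1 and 2 was not applied for that principal or on that client.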