Date: Fri, 1 Feb 2002 14:16:51 -0800 (PST)
From: "Thomas M. Proett"
To: freebsd-security@FreeBSD.ORG
Subject: zero renew time

Hi,

I just installed Kerberos on a FreeBSD machine from
/usr/ports/security/krb5. The version info is:

PORTNAME=       krb5
PORTVERSION=    1.2.2
PORTREVISION=   4

All seemed to go fine and I set up the config files:

/etc/krb5.conf
==============
[libdefaults]
    ticket_lifetime = 600
    default_realm = BSD.PBSPRO.COM
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
    default_keytab_name = /krb5/v5srvtab

[realms]
    BSD.PBSPRO.COM = {
        kdc = mongo.pbspro.com
        default_domain = pbspro.com
    }

[logging]
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE:/var/log/krb5lib.log

[domain_realm]
    .pbspro.com = BSD.PBSPRO.COM
    pbspro.com = BSD.PBSPRO.COM
===============

/usr/local/var/krb5kdc/kdc.conf
===============================
[kdcdefaults]
    acl_file = /usr/local/var/krb5kdc/kadm5.acl
    dict_file = /usr/share/dict/words
    admin_keytab = /usr/local/var/krb5kdc/kadm5.keytab

[realms]
    BSD.PBSPRO.COM = {
        master_key_type = des-cbc-crc
        supported_enctypes = des-cbc-crc:normal des3-cbc-raw:normal des3-cbc-sha1:normal des-cbc-crc:v4 des-cbc-crc:afs3
        max_life = 10h 0m 0s
        max_renewable_life = =7d 0h 0m 0s
    }
================================

I can run kinit asking for a renewable ticket but I get zero for
the renewable time.

----------------------------------------------------------
proett 3> kinit -f -l 1h -r 1d
Password for proett@BSD.PBSPRO.COM:
proett 4> klist -f
Ticket cache: FILE:/tmp/krb5cc_1001
Default principal: proett@BSD.PBSPRO.COM

Valid starting     Expires            Service principal
02/01/02 12:41:19  02/01/02 13:41:19  krbtgt/BSD.PBSPRO.COM@BSD.PBSPRO.COM
        renew until 02/01/02 12:41:19, Flags: FRI
----------------------------------------------------------

Any ideas why this happens?

Tom Proett
Veridian Systems
PBSPro Development
650-967-4675 x233
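
Added example (not part of the original message, and not MIT Kerberos or FreeBSD code): a small Python check that reads the lifetime relations from the [realms] stanza of a kdc.conf-style file and reports any value that is not a duration written in the "Nd Nh Nm Ns" form the post uses. The function names, the embedded sample and the restriction to that single duration form are assumptions of this example.

```python
import re

# Constructed sample: the lifetime-related part of the kdc.conf quoted in the message.
SAMPLE_KDC_CONF = """\
[realms]
    BSD.PBSPRO.COM = {
        master_key_type = des-cbc-crc
        max_life = 10h 0m 0s
        max_renewable_life = =7d 0h 0m 0s
    }
"""

LIFETIME_KEYS = {"max_life", "max_renewable_life"}
UNIT_SECONDS = {"d": 86400, "h": 3600, "m": 60, "s": 1}
# Assumption: only the "Nd Nh Nm Ns" spelling is checked; units are optional, order is fixed.
DURATION_RE = re.compile(r"^(?:(\d+)d)?\s*(?:(\d+)h)?\s*(?:(\d+)m)?\s*(?:(\d+)s)?$")


def parse_duration(text):
    """Return the duration in seconds, or None if text is not in Nd Nh Nm Ns form."""
    text = text.strip()
    match = DURATION_RE.match(text)
    if not text or not match:
        return None
    return sum(int(n) * UNIT_SECONDS[u] for n, u in zip(match.groups(), "dhms") if n)


def check_lifetimes(conf_text):
    """Return {(realm, key): (raw_value, seconds_or_None)} for each lifetime relation."""
    results, realm = {}, None
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#[":      # skip blanks, comments, section headers
            continue
        if line == "}":                      # end of a realm sub-stanza
            realm = None
        key, _, value = line.partition("=")  # split on the first '=' only
        key, value = key.strip(), value.strip()
        if value == "{":
            realm = key
        elif key in LIFETIME_KEYS:
            results[(realm, key)] = (value, parse_duration(value))
    return results


if __name__ == "__main__":
    for (realm, key), (raw, secs) in check_lifetimes(SAMPLE_KDC_CONF).items():
        status = f"{secs} s" if secs is not None else "not a valid duration"
        print(f"{realm}: {key} = {raw!r} -> {status}")
```
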