Administering the Kerberos Server

Rules for Setting Maximum Renew Time

Maximum renew time indicates the maximum amount of time for which a ticket can be renewed. You can specify the maximum renew time value in the Principal Information>General>Maximum Renew Time text box.

The format for the ticket lifetime is as follows:

[Nw] [Nd] [Nh] [Nm]

where:

N           Indicates an integer number.

w, d, h, m  Identifies the unit of time: weeks, days, hours, or minutes, respectively.

A number without a suffix (w, d, h, or m) is interpreted as hours.

Spaces are not allowed between the number and the suffix.

Following are some examples for denoting the maximum renew time:

1d9h is 1 day and 9 hours.

4h24m is 4 hours and 24 minutes.

18 is 18 hours.

You can also express the time units by using full words. For example, 1day is the same as 1d. You can also use the keywords week, day, hour, and minute to denote w, d, h, or m, respectively.

The maximum lifetime for a ticket issued to any principal in any given realm is controlled by the settings for the reserved principal krbtgt/REALM@REALM.

Do not enter a renewal time of 0 (zero). To restrict the issuance of renewable tickets, clear the Allow Renewable option in the Principal Information window>Attributes tab.
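
The following Python validator is an added example, not part of the original documentation or of the Kerberos server itself. It applies the format rules above to a Maximum Renew Time string before the value is entered. The function names are hypothetical, and it assumes that each unit appears at most once, that whitespace is allowed only between components, and that units are lowercase.

```python
import re

# Seconds per unit; the suffix letters and full words are the ones listed above.
UNIT_SECONDS = {"w": 604800, "d": 86400, "h": 3600, "m": 60}
WORDS = {"week": "w", "day": "d", "hour": "h", "minute": "m"}
# One component: digits immediately followed by an optional unit (no space).
COMPONENT = re.compile(r"([0-9]+)(week|day|hour|minute|[wdhm])?")


def parse_renew_time(text):
    """Return the maximum renew time in seconds, or raise ValueError."""
    text = text.strip()
    if not text:
        raise ValueError("empty value")
    pos, total, seen = 0, 0, set()
    while pos < len(text):
        match = COMPONENT.match(text, pos)
        if match is None:
            # Covers "1 d" (space before the suffix) and unknown units.
            raise ValueError(f"unexpected text at offset {pos}: {text[pos:]!r}")
        number, unit = match.groups()
        unit = WORDS.get(unit, unit) or "h"  # a bare number means hours
        if unit in seen:
            # Assumption: each unit may appear once; the text does not say.
            raise ValueError(f"unit {unit!r} given more than once")
        seen.add(unit)
        total += int(number) * UNIT_SECONDS[unit]
        pos = match.end()
        # Whitespace may separate components, never a number and its suffix.
        while pos < len(text) and text[pos].isspace():
            pos += 1
    if total == 0:
        # A renew time of 0 must not be entered; clear Allow Renewable instead.
        raise ValueError("renew time of 0 is not accepted")
    return total


def is_valid_renew_time(text):
    """True if text is an acceptable Maximum Renew Time value."""
    try:
        parse_renew_time(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: the three examples above plus two rejects.
    for sample in ("1d9h", "4h24m", "18", "1 d", "0"):
        print(repr(sample), is_valid_renew_time(sample))
```
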

The following error message is displayed when you enter 0 (zero) for Maximum Renew Time and click OK or Apply in the Principal Information>General tab:
