Kerberos ticket_lifetime parameter set value is not working.
(Doc ID 2993139.1)
Last updated on JULY 20, 2024
Applies to:
Advanced Networking Option - Version 19.17.0.0.0 and later
Information in this document applies to any platform.
Goal
1) The Kerberos user ticket expiry time can be set to a value X using the following parameters in the krb5.conf file:
[libdefaults]
ticket_lifetime = 24h <<<<<<<<<<<<< set to 24h (1 day)
renew_lifetime = 7d <<<<<<<<<<<<<
For any Kerberos ticket, the 'ticket_lifetime' (usually 1 day) is the time for which that particular ticket is valid. Once the ticket becomes invalid, there is an option (kinit -R) to renew it. The user can keep renewing the ticket this way until the 'renew_lifetime' time (usually 7 days) is reached. The 'renew_lifetime' is calculated from the time the ticket was first acquired.
After the 'renew_lifetime' is over, the ticket cannot be used anymore and a fresh ticket must be obtained.
2) Sometimes the value set for ticket_lifetime does not take effect and the user ticket expires before the configured value X.
In the example below, the ticket expires within 10 hours:
[oracle@test-oracle19 ~]$ oklist
Kerberos Utilities for Linux: Version 19.0.0.0.0 - Production on 10-NOV-2023 14:49:28
Copyright (c) 1996, 2019 Oracle. All rights reserved.
Configuration file : /etc/krb5.conf.
Ticket cache: FILE:/tmp/krb.cc
Default principal: xx@oracle.com
Valid starting Expires Service principal
11/10/23 14:49:19 11/11/23 00:49:19 krbtgt/xx.COM.xx@xx.COM.xx <<<<<<<<<<<<<<<<<<<<<< expires 10 hours later
renew until 11/17/23 14:49:15
Solution