I am trying to figure out why my tickets only get a renewable life of 0 instead of 7 days as I specified.
I tried setting both the max_renewable_life (as indicated in another question) as well as renew_lifetime to 7 days (7d and 856800) in my krb5.conf and kdc.conf but that did not work. I've set them under [realms] (krb5/kdc) and [libdefaults] (krb5) but the daemon seems to ignore this setting.
The ticket_lifetime however works.
I ran the following commands (unnecessary output redacted):
$ kinit -r 20m -l 10m PRINCIPAL
$ klist -f
Valid starting Expires Service principal
04.03.2020 19:18:46 04.03.2020 19:28:44 krbtgt/REALM@REALM
renew until 04.03.2020 19:18:46, Flags: RIA
As you can see the maximum life of the kinit works like a charm but renew won't do a thing.
In my frustration I've set those on the client as well with no luck. I know about the maxlife of the principal and set it to 7 days as well but that also did not work for me.
If it helps: I am running FreeBSD (FreeNAS) and compiled Kerberos myself. Is there some other setting to use or is there maybe a compile-time option that I need to set?
Edit 1:
$ kadmin
kadmin: getprinc comfix
Principal: comfix@REALM
Expiration date: [never]
Last password change: Mi Mär 04 21:00:00 CET 2020
Password expiration date: [never]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Mi Mär 04 21:02:47 CET 2020 (comfix/admin@REALM)
Last successful authentication: Mi Mär 04 22:14:13 CET 2020
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 1, aes256-cts-hmac-sha1-96
Key: vno 1, aes128-cts-hmac-sha1-96
MKey: vno 1
Attributes: REQUIRES_PRE_AUTH DISALLOW_SVR
Policy: [none]