Bug 213909 - pam_krb5 ignores ticket lifetime configuration in /etc/krb5.conf
Status: Closed FIXED
Product: Base System
Classification: Unclassified
Component: bin
Version: 11.0-RELEASE
Hardware: Any Any
Importance: Normal Affects Some People
Assignee: Dag-Erling Smørgrav
Reported: 2016-10-30 07:48 UTC by basarevych
Modified: 2017-03-12 13:24 UTC
des: mfc-stable11+
des: mfc-stable10+


Attachments
Load default options before requesting a TGT (510 bytes, patch)
2017-03-03 13:13 UTC, Dag-Erling Smørgrav

Description basarevych 2016-10-30 07:48:28 UTC
I am using NIS and Kerberos from the base system of FreeBSD 11. Whenever I log in to the workstation (text console) I get keys like this:

> klist
Credentials cache: FILE:/tmp/krb5cc_1001
        Principal: ross@LAN

  Issued                Expires               Principal
Oct 30 09:29:12 2016  Oct 30 19:29:12 2016  host/desktop.lan@LAN
Oct 30 09:29:12 2016  Oct 30 19:29:12 2016  krbtgt/LAN@LAN


They are valid for exactly 10 hours. However, in /etc/krb5.conf I have this:

[appdefaults]
    pam = {
        ticket_lifetime = 1d
        default_lifetime = 1d
        renew_lifetime = 1d
    }
[libdefaults]
    default_realm = LAN
    ticket_lifetime = 1d
    default_lifetime = 1d
    renew_lifetime = 1d
[domain_realm]
    .lan = LAN
[realms]
    LAN = {
        kdc = coffin.lan
        admin_server = coffin.lan
        kpasswd_server = coffin.lan
        default_domain = lan
    }


If I run "kinit ross" manually then I get the tickets for one day as expected.
Comment 1 Dag-Erling Smørgrav freebsd_committer freebsd_triage 2017-03-03 12:44:21 UTC
Sounds like a library issue to me, but I will investigate.
Comment 2 Dag-Erling Smørgrav freebsd_committer freebsd_triage 2017-03-03 13:13:23 UTC
Created attachment 180461
Load default options before requesting a TGT

Please try this patch:

$ cd /usr/src/lib/libpam/modules/pam_krb5
$ patch pam_krb5.c </path/to/patch
$ make obj && make depend && make && sudo make install

There is no need to reload or restart anything; all subsequent invocations will use the patched module.
Comment 3 basarevych 2017-03-03 13:50:08 UTC
It works, I am getting tickets for 1 day now as expected.

Thank you
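
The mismatch reported above (10-hour tickets against a configured 1d) can be checked mechanically after applying the fix. The following Python script is an added example, not part of this bug thread or of the FreeBSD patch; its function names are hypothetical, and it assumes klist output in the format shown in the report, an English locale for month names, and that the [appdefaults] pam block takes precedence over [libdefaults].

```python
import re
from datetime import datetime, timedelta
# Constructed sample input, abridged from the krb5.conf and klist output in the report.
KRB5_CONF = """[appdefaults]
    pam = {
        ticket_lifetime = 1d
    }
[libdefaults]
    ticket_lifetime = 1d
"""
KLIST = """  Issued                Expires               Principal
Oct 30 09:29:12 2016  Oct 30 19:29:12 2016  host/desktop.lan@LAN
Oct 30 09:29:12 2016  Oct 30 19:29:12 2016  krbtgt/LAN@LAN
"""
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
STAMP = r"\w{3} +\d+ \d\d:\d\d:\d\d \d{4}"  # e.g. "Oct 30 09:29:12 2016"

def parse_duration(text):
    """Convert '1d', '10h', '1d12h' or bare seconds into a timedelta."""
    parts = re.findall(r"(\d+)([smhdw]?)", text)
    return timedelta(seconds=sum(int(n) * UNITS[u] for n, u in parts))

def configured_lifetime(conf, app="pam"):
    """ticket_lifetime from [appdefaults] <app> = {...}, else from [libdefaults]."""
    section, block, found = None, None, {}
    for line in map(str.strip, conf.splitlines()):
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, block = m.group(1), None
        elif m := re.fullmatch(r"(\S+)\s*=\s*\{", line):
            block = m.group(1)
        elif line == "}":
            block = None
        elif m := re.fullmatch(r"ticket_lifetime\s*=\s*(\S+)", line):
            found[(section, block)] = parse_duration(m.group(1))
    return found.get(("appdefaults", app), found.get(("libdefaults", None)))

def ticket_lifetimes(klist):
    """Map each principal in the klist listing to (Expires - Issued)."""
    fmt, out = "%b %d %H:%M:%S %Y", {}
    for m in re.finditer(rf"^({STAMP})  +({STAMP})  +(\S+)", klist, re.M):
        issued, expires = (datetime.strptime(m.group(i), fmt) for i in (1, 2))
        out[m.group(3)] = expires - issued
    return out

def short_tickets(conf, klist, app="pam"):
    """Principals whose ticket is shorter than the configured ticket_lifetime."""
    want = configured_lifetime(conf, app)
    if want is None:
        raise LookupError("no ticket_lifetime configured")
    return sorted(p for p, got in ticket_lifetimes(klist).items() if got < want)
```

A shorter-than-configured lifetime can also come from the KDC's own maximum for the principal, so compare against a manual kinit, as the reporter did, before attributing it to the PAM module.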
Comment 4 commit-hook freebsd_committer freebsd_triage 2017-03-03 14:06:47 UTC
A commit references this bug:

Author: des
Date: Fri Mar  3 14:06:22 UTC 2017
New revision: 314598
URL: https://svnweb.freebsd.org/changeset/base/314598

Log:
  Load default options before requesting a ticket.

  PR:		213909
  Reported by:	basarevych@gmail.com
  MFC after:	1 week

Changes:
  head/lib/libpam/modules/pam_krb5/pam_krb5.c
Comment 5 commit-hook freebsd_committer freebsd_triage 2017-03-12 13:23:31 UTC
A commit references this bug:

Author: des
Date: Sun Mar 12 13:22:35 UTC 2017
New revision: 315151
URL: https://svnweb.freebsd.org/changeset/base/315151

Log:
  MFH (r314598): load default options before requesting ticket

  PR:		213909

Changes:
_U  stable/11/
  stable/11/lib/libpam/modules/pam_krb5/pam_krb5.c
Comment 6 commit-hook freebsd_committer freebsd_triage 2017-03-12 13:23:33 UTC
A commit references this bug:

Author: des
Date: Sun Mar 12 13:23:23 UTC 2017
New revision: 315152
URL: https://svnweb.freebsd.org/changeset/base/315152

Log:
  MFH (r314598): load default options before requesting ticket

  PR:		213909

Changes:
_U  stable/10/
  stable/10/lib/libpam/modules/pam_krb5/pam_krb5.c