ITEM: G6560L

DCE: wants to make ticket life UNLIMITED

Question:

I am running DCE and I have some applications that are stopping 
with the message that their ticket life has expired.
  
In SMIT I have seen that the settings are for default, but
when I press F4, no list is available for the settings.  

How can I make the ticket life unlimited?

Response:

The registry property values set the limits for ticket lifetime for the 
entire registry. Values assigned to individual accounts cannot exceed 
the property values associated with the registry.

To change these values from smit do the following:

\# dce_login cell_admin
\# smitty dce
  DCE Security and Users Administration
  Registry Policies and Properties
  Authenticated Policies and Properties

                     Authenticated Policies and Properties

Type or select values in entry fields.
Press Enter AFTER making all desired changes.
  
                                                        [Entry Fields]
  MINIMUM ticket lifetime (in minutes)               [5m]
  DEFAULT ticket lifetime (in hours)                 [0]
  MAXIMUM ticket lifetime (in hours)                 [forever]
  Maximum RENEWABLE ticket lifetime (in hours)       [forever]
  

Here are the steps to make the same change directly with rgy_edit:

\# dce_login as cell_admin
\# rgy_edit

rgy_edit=> properties
  Properties:
    Properties for Registry at:               /.../encina112
    Registry is NOT read-only
    Certificates to this server may be generated at any site.
    Encrypted passwords are hidden
    Unix IDs ARE embedded in PGO UUIDs
    Low UID for principal creation:           100
    Low UID for group creation:               100
    Low UID for org creation:                 100
    Maximum possible UID:                     32767
    Minimum certificate lifetime              5m
    Default certificate lifetime
Do you wish to make changes [y/n]? (n) y
Stamp registry read-only [y/n]? (n)
Should encrypted passwords be hidden [y/n]? (y)
Lower bound on principal unix id for automatic UID assignment: (100)
Lower bound on group     unix id for automatic UID assignment: (100)
Lower bound on org       unix id for automatic UID assignment: (100)
Maximum allowable unix id: (32767)
Minimum certificate lifetime (minutes): (5m)
Default certificate lifetime (hours): (10h) 0
rgy_edit=> authpolicy
  Authentication Policy:

    Max certificate lifetime:                 1d
    Max renewable lifetime:                   1w
Do you wish to make changes [y/n]? (n) y
maximum certificate lifetime in hours or 'forever':(1d) forever
maximum certificate-renewable lifetime in hours or 'forever':(1w) forever
rgy_edit=>




Support Line: DCE: wants to make ticket life UNLIMITED ITEM: G6560L

Dated: May 1994 Category: N/A

This HTML file was generated 99/06/24~13:30:49

Comments or suggestions?
Contact us