From help it is not clear how behavior differs when you specify the user and when you omit the user. This should be more explicitly explained.
ipa help krbtpolicy - no mention of global vs. user - same is true with the show and mod commands
Kerberos ticket policy
There is a single Kerberos ticket policy. This policy defines the maximum ticket lifetime and the maximum renewal age, the period during which the ticket is renewable.
EXAMPLES:
Display the current Kerberos ticket policy: ipa krbtpolicy-show
Reset the policy to the default: ipa krbtpolicy-reset
Modify the policy to 8 hours max life, 1-day max renewal: ipa krbtpolicy-mod --maxlife=28800 --maxrenew=86400
Topic commands: krbtpolicy-mod Modify Kerberos ticket policy. krbtpolicy-reset Reset Kerberos ticket policy to the default values. krbtpolicy-show Display the current Kerberos ticket policy.
Fixed in: c24725e
Fix component name.
Metadata Update from @jgalipea: - Issue assigned to pzuna - Issue set to the milestone: FreeIPA 2.0.2 RC2 (bug fixing)
Login to comment on this ticket.