When two or more --??-maxlife or two or more --??-maxrenew options are passed to the krbtpolicy-mod command, the command fails.
[root@master ~]# ipa krbtpolicy-mod --pkinit-maxlife 7200 --radius-maxlife 7200
ipa: ERROR: attribute "krbauthindmaxticketlife" not allowed
[root@master ~]# ipa krbtpolicy-mod --pkinit-maxrenew 7200 --radius-maxrenew 7200
ipa: ERROR: attribute "krbauthindmaxrenewableage" not allowed
[root@master ~]# ipa krbtpolicy-mod --pkinit-maxrenew 7200
  Max life: 86400
  Max renew: 604800
  OTP max life: 364
  OTP max renew: 36031
  RADIUS max life: 36021
  RADIUS max renew: 36011
  PKINIT max life: 23432
  PKINIT max renew: 7200
  Hardened max life: 22332
  Hardened max renew: 23331
[root@master ~]# ipa krbtpolicy-mod --pkinit-maxlife 7200
  Max life: 86400
  Max renew: 604800
  OTP max life: 364
  OTP max renew: 36031
  RADIUS max life: 36021
  RADIUS max renew: 36011
  PKINIT max life: 7200
  PKINIT max renew: 7200
  Hardened max life: 22332
  Hardened max renew: 23331
Command fails with:
ipa: ERROR: attribute "krbauthindmaxticketlife" not allowed
The values of provided options will be changed as if they were set in multiple calls individually.
freeipa-server-4.9.0.dev-0.fc32.x86_64 (master, more specifically from http://freeipa-org-pr-ci.s3-website.eu-central-1.amazonaws.com/jobs/e1bfc622-9611-11ea-bc5f-fa163ee3e098/ )
freeipa-client-4.9.0.dev-0.fc32.x86_64
package ipa-server is not installed
package ipa-client is not installed
389-ds-base-1.4.3.8-1.fc32.x86_64
pki-ca-10.8.3-2.fc32.noarch
krb5-server-1.18-1.fc32.x86_64
master:
ipa-4-8:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @frenaud: - Issue set to the milestone: FreeIPA 4.8.7