As an admin, I want to be able to control the ticket policy max lifetime. This is currently possible using the krbtpolicy plugin but the maximum is controlled via the kdc.conf configuration file so it is only configurable to a point.
This RFE is derived from https://pagure.io/freeipa/issue/9121
Specifically this from the associated BZ (lightly edited for readability out of context):
To increase the lifetime beyond 7days (and renewable life beyond 14days) it is actually needed to do 2 things (after applying your fix):
1-Increase the maxlife and maxrenewlife of the krbtgt/EXAMPLE.COM principal (the service principal that supplies the ticket) 2-Increase the max_life and max_renewable_life parameters in /etc/kerberos/krb5kdc/kdc.conf
For values lower than that, the fix solves all issues.
Login to comment on this ticket.