Set the default session ttl in generateCert

use default session ttl for `tctl auth sign` leave tctl alone
gravitational · Jun 23, 2023 · da99d31 · da99d31
1 parent 0760bc9
commit da99d31
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/lib/auth/auth.go b/lib/auth/auth.go
@@ -2071,6 +2071,10 @@ func generateCert(a *Server, req certRequest, caType types.CertAuthType) (*proto
 	var sessionTTL time.Duration
 	var allowedLogins []string
 
+	if req.ttl == 0 {
+		req.ttl = time.Duration(authPref.GetDefaultSessionTTL())
+	}
+
 	// If the role TTL is ignored, do not restrict session TTL and allowed logins.
 	// The only caller setting this parameter should be "tctl auth sign".
 	// Otherwise, set the session TTL to the smallest of all roles and