ads_cached_connection() in winbindd_ads.c: tickets expired?
Jeremy Allison
jra at samba.org
Mon Mar 22 05:31:42 GMT 2004
On Sun, Mar 21, 2004 at 08:37:01PM -0700, Jim McDonough wrote:
>
> Ok, before I dig too far in this (which either takes 10 hours at a shot to
> reproduce it or I figure a way to make win2k give us short-lived tickets),
> I'd like a sanity check. It appears to me that the tremendous performance
> gain of caching the connection via ads_cached_connection() in
> winbindd_ads.c comes with a price: after the tickets expire, the cached
> connection is worthless. It seems we need to periodically refresh this
> connection, no? Maybe we need a timestamp and perhaps we can get ticket
> life info out of kerberos when we acquire the tickets?
>
> Or am I totally missing something here? I've got a customer who is needing
> to restart winbindd every 10 hours, as the tickets expire...seems like we
> would have had complaints about this already, which is why I'm wondering if
> it's a setup issue.
Hmmmmm. Doesn't mit kerberos by default request 10 hour
tickets if you don't configure a requested lifetime in
the krb5.conf.
Have you tried setting ?
ticket_lifetime = XXXXX
(I think it's either in second or minutes - try it and see
what klist says).
Jeremy.
More information about the samba-technical
mailing list