ads_cached_connection() in winbindd_ads.c: tickets expired?

Jeremy Allison jra at
Mon Mar 22 05:31:42 GMT 2004

On Sun, Mar 21, 2004 at 08:37:01PM -0700, Jim McDonough wrote:
> Ok, before I dig too far in this (which either takes 10 hours at a shot to
> reproduce it or I figure a way to make win2k give us short-lived tickets),
> I'd like a sanity check.  It appears to me that the tremendous performance
> gain of caching the connection via ads_cached_connection() in
> winbindd_ads.c comes with a price:  after the tickets expire, the cached
> connection is worthless.  It seems we need to periodically refresh this
> connection, no?  Maybe we need a timestamp and perhaps we can get ticket
> life info out of kerberos when we acquire the tickets?
> Or am I totally missing something here?  I've got a customer who is needing
> to restart winbindd every 10 hours, as the tickets expire...seems like we
> would have had complaints about this already, which is why I'm wondering if
> it's a setup issue.

Hmmmmm. Doesn't mit kerberos by default request 10 hour
tickets if you don't configure a requested lifetime in
the krb5.conf.

Have you tried setting  ?

 ticket_lifetime = XXXXX

(I think it's either in second or minutes - try it and see
what klist says).


More information about the samba-technical mailing list