[Samba] Kerberso tgt token life on samba4

Andrew Bartlett abartlet at samba.org
Thu Jan 30 12:04:57 MST 2014


On Wed, 2014-01-29 at 13:16 +0000, Damien Dye wrote:
> Guys
> 
> 
> is it possible on samba 4 to raise the expiry time on tgt tickets to be
> more than 10 hours ?

Yes.

> I have users running scripts that need a longer expiry time on the token

You could ask for a renewable ticket, and renew it, or change the
lifetime in the same way you would in AD.  The same LDAP entries control
this in Samba. 

> on another side note is it the Samba 4 DC that decides the renewal date of
> the tokens also ?

Yes, the KDC sets the limits, but the client can ask for less (eg the
krb5.conf on the client). 

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba




More information about the samba mailing list