[Samba] Kerberso tgt token life on samba4
Andrew Bartlett
abartlet at samba.org
Thu Jan 30 12:04:57 MST 2014
On Wed, 2014-01-29 at 13:16 +0000, Damien Dye wrote:
> Guys
>
>
> is it possible on samba 4 to raise the expiry time on tgt tickets to be
> more than 10 hours ?
Yes.
> I have users running scripts that need a longer expiry time on the token
You could ask for a renewable ticket, and renew it, or change the
lifetime in the same way you would in AD. The same LDAP entries control
this in Samba.
> on another side note is it the Samba 4 DC that decides the renewal date of
> the tokens also ?
Yes, the KDC sets the limits, but the client can ask for less (eg the
krb5.conf on the client).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list