[Samba] Kerberso tgt token life on samba4
Damien Dye
damien.dye at sondrel.com
Fri Jan 31 02:02:08 MST 2014
On 30 January 2014 19:04, Andrew Bartlett <abartlet at samba.org> wrote:
> On Wed, 2014-01-29 at 13:16 +0000, Damien Dye wrote:
> > Guys
> >
> >
> > is it possible on samba 4 to raise the expiry time on tgt tickets to be
> > more than 10 hours ?
>
> Yes.
>
> > I have users running scripts that need a longer expiry time on the token
>
> You could ask for a renewable ticket, and renew it, or change the
> lifetime in the same way you would in AD. The same LDAP entries control
> this in Samba.
>
thanks Andrew
Any idea where they are stored in the directory ? as I would normally set
these using the Domain controller policy GPO using windows directly and I
have done that but it's not been picked up.
>
> > on another side note is it the Samba 4 DC that decides the renewal date
> of
> > the tokens also ?
>
> Yes, the KDC sets the limits, but the client can ask for less (eg the
> krb5.conf on the client).
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba
>
>
>
More information about the samba
mailing list