[Samba] Kerberso tgt token life on samba4
damien.dye at sondrel.com
Fri Jan 31 02:02:08 MST 2014
On 30 January 2014 19:04, Andrew Bartlett <abartlet at samba.org> wrote:
> On Wed, 2014-01-29 at 13:16 +0000, Damien Dye wrote:
> > Guys
> > is it possible on samba 4 to raise the expiry time on tgt tickets to be
> > more than 10 hours ?
> > I have users running scripts that need a longer expiry time on the token
> You could ask for a renewable ticket, and renew it, or change the
> lifetime in the same way you would in AD. The same LDAP entries control
> this in Samba.
Any idea where they are stored in the directory ? as I would normally set
these using the Domain controller policy GPO using windows directly and I
have done that but it's not been picked up.
> > on another side note is it the Samba 4 DC that decides the renewal date
> > the tokens also ?
> Yes, the KDC sets the limits, but the client can ask for less (eg the
> krb5.conf on the client).
> Andrew Bartlett
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT
More information about the samba