[Samba] Kerberso tgt token life on samba4

Damien Dye damien.dye at sondrel.com
Fri Jan 31 02:02:08 MST 2014


On 30 January 2014 19:04, Andrew Bartlett <abartlet at samba.org> wrote:

> On Wed, 2014-01-29 at 13:16 +0000, Damien Dye wrote:
> > Guys
> >
> >
> > is it possible on samba 4 to raise the expiry time on tgt tickets to be
> > more than 10 hours ?
>
> Yes.
>
> > I have users running scripts that need a longer expiry time on the token
>
> You could ask for a renewable ticket, and renew it, or change the
> lifetime in the same way you would in AD.  The same LDAP entries control
> this in Samba.
>

thanks Andrew

Any idea where they are stored in the directory ? as I would normally set
these using the Domain controller policy GPO using windows directly and I
have done that but it's not been picked up.





>
> > on another side note is it the Samba 4 DC that decides the renewal date
> of
> > the tokens also ?
>
> Yes, the KDC sets the limits, but the client can ask for less (eg the
> krb5.conf on the client).
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba
>
>
>


More information about the samba mailing list