[Samba] Kerberso tgt token life on samba4
Andrew Bartlett
abartlet at samba.org
Fri Jan 31 02:23:32 MST 2014
On Fri, 2014-01-31 at 09:02 +0000, Damien Dye wrote:
>
>
> On 30 January 2014 19:04, Andrew Bartlett <abartlet at samba.org> wrote:
> On Wed, 2014-01-29 at 13:16 +0000, Damien Dye wrote:
> > Guys
> >
> >
> > is it possible on samba 4 to raise the expiry time on tgt
> tickets to be
> > more than 10 hours ?
>
> Yes.
>
> > I have users running scripts that need a longer expiry time
> on the token
>
> You could ask for a renewable ticket, and renew it, or change
> the
> lifetime in the same way you would in AD. The same LDAP
> entries control
> this in Samba.
>
>
> thanks Andrew
>
>
>
> Any idea where they are stored in the directory ? as I would normally
> set these using the Domain controller policy GPO using windows
> directly and I have done that but it's not been picked up.
I'm very sorry, I didn't check. It's actually smb.conf options:
kdc:service ticket lifetime
kdc:user ticket lifetime
kdc:renewal lifetime
times are in hours I think.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list