[Samba] Kerberso tgt token life on samba4

Andrew Bartlett abartlet at samba.org
Fri Jan 31 02:23:32 MST 2014


On Fri, 2014-01-31 at 09:02 +0000, Damien Dye wrote:
> 
> 
> On 30 January 2014 19:04, Andrew Bartlett <abartlet at samba.org> wrote:
>         On Wed, 2014-01-29 at 13:16 +0000, Damien Dye wrote:
>         > Guys
>         >
>         >
>         > is it possible on samba 4 to raise the expiry time on tgt
>         tickets to be
>         > more than 10 hours ?
>         
>         Yes.
>         
>         > I have users running scripts that need a longer expiry time
>         on the token
>         
>         You could ask for a renewable ticket, and renew it, or change
>         the
>         lifetime in the same way you would in AD.  The same LDAP
>         entries control
>         this in Samba.
> 
> 
> thanks Andrew
> 
> 
> 
> Any idea where they are stored in the directory ? as I would normally
> set these using the Domain controller policy GPO using windows
> directly and I have done that but it's not been picked up.

I'm very sorry, I didn't check.  It's actually smb.conf options:

kdc:service ticket lifetime
kdc:user ticket lifetime
kdc:renewal lifetime

times are in hours I think.

Andrew Bartlett


-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba




More information about the samba mailing list