[Samba] Kerberso tgt token life on samba4

Damien Dye damien.dye at sondrel.com
Fri Jan 31 03:02:53 MST 2014


many thanks Andrew that has done the job I was needing :-)

--

Damien Dye
 IT Manager
 *Sondrel Ltd*
 Sondrel House, Theale Lakes Business Park
Moulden Way, Sulhamstead, Berkshire, RG7 4GB, UK

Tel: +44(0)118 9838 550
www.sondrel.com

 [image: Sondrel] <http://www.sondrel.com/>

This e-mail and any attachments may be confidential or legally privileged.
If you are not the intended recipient, you should destroy the e-mail
message and any attachments, and inform us of the erroneous delivery by
return e-mail. You are prohibited from retaining, distributing, disclosing
or using any information contained herein. Internet communications cannot
be guaranteed to be timely, secure, error or virus-free. Sondrel Ltd and
the sender do not accept liability for any errors or omissions, nor do we
accept liability for the content of this email, or for the consequences of
any actions taken on the basis of the information provided, unless that
information is consequently confirmed in writing under the personal
signature of a duly authorised officer of Sondrel Ltd.

This email is sent on behalf of Sondrel Ltd registered in England with
number 4491953, registered office Sondrel House, Theale Lakes Business
Park, Moulden Way, Sulhamstead, Berkshire, RG7 4GB, UK.


On 31 January 2014 09:23, Andrew Bartlett <abartlet at samba.org> wrote:

> On Fri, 2014-01-31 at 09:02 +0000, Damien Dye wrote:
> >
> >
> > On 30 January 2014 19:04, Andrew Bartlett <abartlet at samba.org> wrote:
> >         On Wed, 2014-01-29 at 13:16 +0000, Damien Dye wrote:
> >         > Guys
> >         >
> >         >
> >         > is it possible on samba 4 to raise the expiry time on tgt
> >         tickets to be
> >         > more than 10 hours ?
> >
> >         Yes.
> >
> >         > I have users running scripts that need a longer expiry time
> >         on the token
> >
> >         You could ask for a renewable ticket, and renew it, or change
> >         the
> >         lifetime in the same way you would in AD.  The same LDAP
> >         entries control
> >         this in Samba.
> >
> >
> > thanks Andrew
> >
> >
> >
> > Any idea where they are stored in the directory ? as I would normally
> > set these using the Domain controller policy GPO using windows
> > directly and I have done that but it's not been picked up.
>
> I'm very sorry, I didn't check.  It's actually smb.conf options:
>
> kdc:service ticket lifetime
> kdc:user ticket lifetime
> kdc:renewal lifetime
>
> times are in hours I think.
>
> Andrew Bartlett
>
>
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba
>
>
>


More information about the samba mailing list