[Samba] Kerberos ticket maximum renewable lifetime

Stefan Just just at tuhh.de
Fri Jul 3 10:33:21 UTC 2020


We are using tmux, screen and x2go to run long-running jobs on our
compute servers. $HOME and other data should be mounted via CIFS or
NFS4. Because such a job can run for more than a week, I would like to
increase the Kerberos ticket lifetime or better the Kerberos ticket
maximum renewable lifetime.

I found this guide:

https://wiki.samba.org/index.php/Samba_KDC_Settings

Unfortunately, only settings that are smaller than the following have an
effect:

kdc:user ticket lifetime = 24
kdc:renewal lifetime = 24

There appears to be an upper limit of 24 hours that none of these
settings can exceed.

Thanks in advance

Am 02.07.20 um 18:55 schrieb Rowland penny via samba:
> On 02/07/2020 17:28, Stefan Just via samba wrote:
>> I would like to set the renewable lifetime to 90 days.
>> What is the best way to set the Kerberos ticket maximum renewable
>> lifetime.
>>
>> ~# smbd --version
>> Version 4.12.2-Ubuntu
>>
>> ~# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: administrator at MYDOM
>>
>> Valid starting     Expires            Service principal
>> 07/02/20 18:08:16  07/03/20 04:08:16  krbtgt/MYDOM at MYDOM
>>     renew until 07/03/20 18:08:11
>>          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>>
> Why on Earth do you want to do that ?
> 
> Not sure you can anyway.
> 
> Rowland
> 
> 
> 

-- 
Stefan Just, DV-Systemingenieur             | E-Mail:      just at tuhh.de
Technische Universität Hamburg, ES (E-13)   | Voice:  +49 40 42878-3356
Am Schwarzenberg-Campus 3E, D-21073 Hamburg | Fax:    +49 40 42731-3612



More information about the samba mailing list