[Samba] Kerberos ticket maximum renewable lifetime

Rowland penny rpenny at samba.org
Fri Jul 3 11:05:28 UTC 2020


On 03/07/2020 11:33, Stefan Just via samba wrote:
> We are using tmux, screen and x2go to run long-running jobs on our
> compute servers. $HOME and other data should be mounted via CIFS or
> NFS4. Because such a job can run for more than a week, I would like to
> increase the Kerberos ticket lifetime or better the Kerberos ticket
> maximum renewable lifetime.
>
> I found this guide:
>
> https://wiki.samba.org/index.php/Samba_KDC_Settings
>
> Unfortunately, only settings that are smaller than the following have an
> effect:
>
> kdc:user ticket lifetime = 24
> kdc:renewal lifetime = 24
>
> There appears to be an upper limit of 24 hours that none of these
> settings can exceed.
>
> Thanks in advance

You possibly could alter the ticket lifetime, but it would affect every 
kerberos ticket.

A better idea would be to create users in AD just to run the program and 
then create a script to check if the ticket is valid and run kinit if it 
isn't, though this would also depend on a keytab.

Rowland





More information about the samba mailing list