[Samba] Kerberos ticket lifetime
jas at eecs.yorku.ca
Thu Oct 1 12:38:42 UTC 2020
On 10/1/2020 8:34 AM, Rowland penny via samba wrote:
> On 01/10/2020 13:30, Jason Keltz via samba wrote:
>> On 10/1/2020 8:28 AM, Rowland penny via samba wrote:
>>> On 01/10/2020 13:17, Jason Keltz via samba wrote:
>>>> So why is it that winbind renews the ticket on the original system,
>>>> but on the system that I ssh to, it does not.
>>> Do you have 'winbind refresh tickets = yes' set on all the systems ?
>> Absolutely. In fact, both systems are using the identical smb.conf,
>> identical PAM configuration, and idential pam_winbind.conf.
> Thinking about it, when you login via ssh, PAM via pam-winbind should
> get you a new ticket on that client.
It did do that. However, I left myself logged in intentionally for > 10
hours on the system and winbind didn't auto renew the ticket. It did
renew it when I *re*sshed, but it should have renewed it on the
connection that was left open as well. On the system where I logged in
via GNOME and left it for > 10 hours, it did renew it.
More information about the samba