[Samba] Kerberos ticket lifetime

Jason Keltz jas at eecs.yorku.ca
Thu Oct 1 12:38:42 UTC 2020

On 10/1/2020 8:34 AM, Rowland penny via samba wrote:

> On 01/10/2020 13:30, Jason Keltz via samba wrote:
>> On 10/1/2020 8:28 AM, Rowland penny via samba wrote:
>>> On 01/10/2020 13:17, Jason Keltz via samba wrote:
>>>> So why is it that winbind renews the ticket on the original system, 
>>>> but on the system that I ssh to, it does not.
>>> Do you have 'winbind refresh tickets = yes' set on all the systems ?
>> Absolutely.  In fact,  both systems are using the identical smb.conf, 
>> identical PAM configuration, and idential pam_winbind.conf.
>> Jason.
> Thinking about it, when you login via ssh, PAM via pam-winbind should 
> get you a new ticket on that client.

It did do that.  However, I left myself logged in intentionally for > 10 
hours on the system and winbind didn't auto renew the ticket.  It did 
renew it when I *re*sshed, but it should have renewed it on the 
connection that was left open as well.  On the system where I logged in 
via GNOME and left it for > 10 hours, it did renew it.


More information about the samba mailing list