[Samba] Kerberos ticket lifetime
Rowland penny
rpenny at samba.org
Thu Oct 1 12:41:50 UTC 2020
On 01/10/2020 13:38, Jason Keltz via samba wrote:
> On 10/1/2020 8:34 AM, Rowland penny via samba wrote:
>
>> On 01/10/2020 13:30, Jason Keltz via samba wrote:
>>> On 10/1/2020 8:28 AM, Rowland penny via samba wrote:
>>>
>>>> On 01/10/2020 13:17, Jason Keltz via samba wrote:
>>>>> So why is it that winbind renews the ticket on the original
>>>>> system, but on the system that I ssh to, it does not.
>>>>
>>>> Do you have 'winbind refresh tickets = yes' set on all the systems ?
>>>
>>> Absolutely. In fact, both systems are using the identical
>>> smb.conf, identical PAM configuration, and idential pam_winbind.conf.
>>>
>>> Jason.
>>>
>>>
>> Thinking about it, when you login via ssh, PAM via pam-winbind should
>> get you a new ticket on that client.
>
> It did do that. However, I left myself logged in intentionally for >
> 10 hours on the system and winbind didn't auto renew the ticket. It
> did renew it when I *re*sshed, but it should have renewed it on the
> connection that was left open as well. On the system where I logged
> in via GNOME and left it for > 10 hours, it did renew it.
>
> Jason.
>
>
I am now testing this on Centos 8 and I didn't get a ticket, so let me
look into this and get back to you.
Rowland
More information about the samba
mailing list