[Samba] Kerberos ticket lifetime

Rowland penny rpenny at samba.org
Thu Oct 1 20:10:41 UTC 2020

On 01/10/2020 20:47, Jason Keltz via samba wrote:
> Hi Rowland,
> In my case, I think I may know why pam_winbind is not renewing the 
> ticket before it expires.
I don't think it matters about the extra characters in the ticket name, 
I think the ticket search looks for a ticket that is owned by the user. 
I also don't think ssh is forwarding the ticket, it gets a new one for 
the user.

If you are using RHEL7 (or a clone), you are going to love RHEL8, they 
have removed pam_krb5.

I have tested the 'kdc:*****' lines in smb.conf on a Unix domain member 
and  they do not work for myself, I am now waiting overnight to see if a 
users ticket gets refreshed after 10 hours.


More information about the samba mailing list