[Samba] Kerberos ticket lifetime
Rowland penny
rpenny at samba.org
Thu Oct 1 20:10:41 UTC 2020
On 01/10/2020 20:47, Jason Keltz via samba wrote:
>
> Hi Rowland,
>
> In my case, I think I may know why pam_winbind is not renewing the
> ticket before it expires.
>
I don't think it matters about the extra characters in the ticket name,
I think the ticket search looks for a ticket that is owned by the user.
I also don't think ssh is forwarding the ticket, it gets a new one for
the user.
If you are using RHEL7 (or a clone), you are going to love RHEL8, they
have removed pam_krb5.
I have tested the 'kdc:*****' lines in smb.conf on a Unix domain member
and they do not work for myself, I am now waiting overnight to see if a
users ticket gets refreshed after 10 hours.
Rowland
More information about the samba
mailing list