Samba KDC Settings: Difference between revisions

From SambaWiki
No edit summary
No edit summary
Line 8: Line 8:




kdc:service ticket lifetime
kdc:service ticket lifetime = 1


kdc:user ticket lifetime
kdc:user ticket lifetime = 24


kdc:renewal lifetime
kdc:renewal lifetime = 120


in the above example the service tickets are valid for 1 hour before the samba has to reissue them
user TGT tickets are valid for 24 hours before needing them to be renewed.
tickets can be renewed for a maximum of 5 days from the date of original issue.

Revision as of 12:27, 31 January 2014

Samba defaults kerberos tickets expiry values to the following


in some environments it might not be practical that the user TGT expire after 10 hours.

Samba 4's KDC ticket life can be controlled using the parameters in smb.conf the values take integer values and the values should be the hours the tickets should be valid.


kdc:service ticket lifetime = 1

kdc:user ticket lifetime = 24

kdc:renewal lifetime = 120


in the above example the service tickets are valid for 1 hour before the samba has to reissue them user TGT tickets are valid for 24 hours before needing them to be renewed. tickets can be renewed for a maximum of 5 days from the date of original issue.