Samba KDC Settings: Difference between revisions

From SambaWiki
No edit summary
No edit summary
 
Line 10: Line 10:
the values take integer values and the values should be the hours the tickets should be valid.
the values take integer values and the values should be the hours the tickets should be valid.


<b>
: kdc:service ticket lifetime = 1
kdc:service ticket lifetime = 1


: kdc:user ticket lifetime = 24
kdc:user ticket lifetime = 24


: kdc:renewal lifetime = 120
kdc:renewal lifetime = 120
</b>



in the above example the service tickets are valid for 1 hour before the samba has to reissue them
user TGT tickets are valid for 24 hours before needing them to be renewed.
in the above example the service tickets are valid for 1 hour before the samba has to reissue them<br>
user TGT tickets are valid for 24 hours before needing them to be renewed.<br>
tickets can be renewed for a maximum of 5 days from the date of original issue.
tickets can be renewed for a maximum of 5 days from the date of original issue.

Latest revision as of 12:42, 31 January 2014

Samba4 DC Kerberos token settings

Samba defaults kerberos tickets expiry values to the following


in some environments it might not be practical that the user TGT expire after 10 hours.

Samba 4's KDC ticket life can be controlled using the parameters in smb.conf the values take integer values and the values should be the hours the tickets should be valid.


kdc:service ticket lifetime = 1
kdc:user ticket lifetime = 24
kdc:renewal lifetime = 120


in the above example the service tickets are valid for 1 hour before the samba has to reissue them
user TGT tickets are valid for 24 hours before needing them to be renewed.
tickets can be renewed for a maximum of 5 days from the date of original issue.