Samba KDC Settings

From SambaWiki
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Samba4 DC Kerberos token settings

Samba defaults kerberos tickets expiry values to the following


in some environments it might not be practical that the user TGT expire after 10 hours.

Samba 4's KDC ticket life can be controlled using the parameters in smb.conf the values take integer values and the values should be the hours the tickets should be valid.


kdc:service ticket lifetime = 1
kdc:user ticket lifetime = 24
kdc:renewal lifetime = 120


in the above example the service tickets are valid for 1 hour before the samba has to reissue them
user TGT tickets are valid for 24 hours before needing them to be renewed.
tickets can be renewed for a maximum of 5 days from the date of original issue.