BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Active Directory authentication and kerberos timeout

Subject: Active Directory authentication and kerberos timeout
From: richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org (Richard Pieri)
Date: Tue, 8 Dec 2009 20:05:08 -0500
In-reply-to: <f323b5930912081615q218e1bb3i68a81e0caf1b7548-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
References: <f323b5930912081615q218e1bb3i68a81e0caf1b7548@mail.gmail.com>

On Dec 8, 2009, at 7:15 PM, John Abreau wrote:
> 
> How do I get the server to keep the trust relationship permanently?

You can't make it permanent but you can make it last a very, very long time.  First, check with the KDC/AD admin and find out what the max renewable life on renewable tickets is.  That is going to be your absolute maximum trust lifetime.  Let's say that is 30 days.  Make your ticket renewable with kinit:

# kinit -r 30d

And that's it.  Your ticket will expire after 24 hours (ticket_lifetime) and then automatically renew with the KDC until the 30-day "lease" expires.

--Rich P.

References:
- Active Directory authentication and kerberos timeout
  - From: jabr-mNDKBlG2WHs at public.gmane.org (John Abreau)

Prev by Date: Active Directory authentication and kerberos timeout
Next by Date: rsync script error
Previous by thread: Active Directory authentication and kerberos timeout
Next by thread: rsync script error
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org