Active Directory authentication and kerberos timeout
Richard Pieri
richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Dec 8 20:05:08 EST 2009
On Dec 8, 2009, at 7:15 PM, John Abreau wrote:
>
> How do I get the server to keep the trust relationship permanently?
You can't make it permanent but you can make it last a very, very long time. First, check with the KDC/AD admin and find out what the max renewable life on renewable tickets is. That is going to be your absolute maximum trust lifetime. Let's say that is 30 days. Make your ticket renewable with kinit:
# kinit -r 30d
And that's it. Your ticket will expire after 24 hours (ticket_lifetime) and then automatically renew with the KDC until the 30-day "lease" expires.
--Rich P.
More information about the Discuss
mailing list