Samba KDC Settings

Samba4 DC Kerberos token settings


Samba defaults kerberos tickets expiry values to the following, in some environments it might not be practical that the user TGT expire after 10 hours.

Samba 4's KDC ticket life can be controlled using the parameters in smb.conf the values take integer values and the values should be the hours the tickets should be valid.

 kdc:service ticket lifetime = 1

 kdc:user ticket lifetime = 24

 kdc:renewal lifetime = 120

In the above example the service tickets are valid for 1 hour before the Samba has to reissue them user TGT tickets are valid for 24 hours before needing them to be renewed. Tickets can be renewed for a maximum of 5 days from the date of original issue.