Kerberos Ticket Expiry Date - How to make its expiry date last more than 24hrs

Is there a way of making Kerberos tickets last more than 24hrs? I’m using Kerberos with Windows Active Directory.

In windows server I have navigated to Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Kerberos Policy and increased the values for maximum lifetime for user ticket and maximum values for service ticket to more than 24hrs from the default 10hrs

However, when I use kinit to create the tickets for users, the expiry time is still 10hrs as shown below

user@server.com:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@HADOOP.COM

Valid starting       Expires              Service principal
12/04/2018 19:43:39   12/05/2018 05:43:39  krbtgt/HADOOP.COM@HADOOP.COM
        renew until 12/11/2018 19:43:32

My question is, how can I make this ticket file also show the expiry date to be longer than the 10hrs as maintained in the windows server?

Thanks.

All Questions Answered

Search This Blog

Donate. I desperately need donations to survive due to my health

Get paid by answering surveys Click here

Click here to donate

Remote/Work from Home jobs

Kerberos Ticket Expiry Date - How to make its expiry date last more than 24hrs

Comments

Post a Comment