Help

Kerberos automatic renew

tkimpton
Valued Contributor II

Posted on ‎11-10-2011 01:46 PM

Hi guys

Have a problem where some users keep machines logged in overnight, goes to screen saver password lock and the 10 hour kerberos ticket expires.

I found this

http://list.jamfsoftware.com/pipermail/casper/2011-April/011433.html

But it isn't clear if this fixes the problem and the ticket automatically renews when unlocked from screen saver the next day.

Does this work or can some one clarify?

Thanks

0 Kudos
Reply
2 REPLIES 2

jarednichols
Honored Contributor

Posted on ‎11-14-2011 05:38 AM

What OS version? There are some versions of 10.6 and 10.7 that have issues with their TGT handling.

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

0 Kudos
Reply

stevewood
Honored Contributor II
Honored Contributor II

Posted on ‎11-14-2011 06:20 AM

My experience with this under 10.6 is that no, it does not work. I've had
On Thu, Nov 10, 2011 at 3:46 PM, Tim Kimpton <tim.kimpton at rufusleonard.com>wrote:
this problem with all of my laptop users who I've bound to AD. They will
go away to a meeting and come back to a locked screen that they cannot
unlock. And the worst part is that not even local accounts can unlock the
screen. The only solution is to forcibly restart the machine.

I've tried editing the screen saver authorization, I've added the necessary
lines to have the login window kerberize, and none of it has worked for me. We also see extended delays in logging in whether on the network or off. I've had to resort to placing people back onto our OD server until I can
re-org our AD infrastructure and get people to 10.7, which hopefully fixes
the issue.

Steve Wood
Director of IT
swood at integer.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475

0 Kudos
Reply