Posted by Raji Arulambalam on June 8, 2006, 1:40 am
Hi
Is there a way to increase their end time to 24 hrs instead of the default
10 hours?
I have tried setting this in the Domain Security Policy for Kerberos Policy
(Max lifetime for service and user ticket), but the clients (Windows XP
SP2) show that the lifetime is 10 hours. (Used kerbtray and klist to get
this.)
Windows 2003 servers.
Is there an article that gives the valid range of time that can be set
for the Kerberos tickets instead of the defaults?
Thanks
RajiA
> Configure the Local Security Policy [or via domain policy] to
> automatically log off the user when their smart card is removed under local
> policies/security options - interactive logon: smart card removal
> behavior. That should solve your problem. If there still is a problem, that
> means they are leaving their smart cards in the smart card reader, which in
> my opinion would be a gross security violation which defeats much of the
> advantage of using smart cards and should not be allowed via computer user
> policy. --- Steve
>> Hi,
>> I'm experiencing problems whereby users (who've logged on with smart
>> cards) leave their machines logged on overnight. On unlocking their
>> workstations in the morning users get a message in their system tray
>> telling them that Windows needs their current credentials and a green
>> Kerberos icon in the systray. The users try to renew their credentials
>> as instructed by locking / unlocking their workstation, but alas no
>> success. The users cannot shut down gracefully as their connections to
>> their network shares are dropped, which stops them saving their profile.
>> I think this is due to the Kerberos user ticket expiring after the
>> default 10 hours? Shouldn't Kerberos re-authenticate silently in the
>> background after unlocking the workstation in the morning? I know that
>> the users should log off, but they don't and this cannot be changed!
>> Any ideas?
>