이 콘텐츠는 선택한 언어로 제공되지 않습니다.

20.2. Setting Kerberos Ticket Policies


The Kerberos ticket policy sets basic restrictions on managing tickets within the Kerberos realm, such as the maximum ticket lifetime and the maximum renewal age (the period during which the ticket is renewable).
The Kerberos ticket policy is set globally so that it applies to every ticket issued within the realm. IdM also has the ability to set user-level ticket policies which override the global policies. This can be used, for example, to set extended expiration times for administrators or to set shorter expiration times for some employees.

20.2.1. Setting Global Ticket Policies

20.2.1.1. From the Web UI

  1. Click the Policy tab, and then click the Kerberos Ticket Policy subtab.
  2. Change the ticket lifetime policies.
    • Max renew sets the period after a ticket expires that it can be renewed.
    • Max life sets the active period (lifetime) of a Kerberos ticket.
  3. Click the Update link at the top of the policy page.
  4. Restart the KDC.
    # service krb5kdc restart

    Important

    Any change to the global Kerberos ticket policy requires a restart of the KDC for the changes to take effect.

20.2.1.2. From the Command Line

The ipa krbtpolicy-mod command modifies the policy, while the ipa krbtpolicy-reset command resets the policy to the default values.
For example:
# ipa krbtpolicy-mod --maxlife=3600 --maxrenew=18000
  Max life: 3600
  Max renew: 18000

Important

Any change to the global Kerberos ticket policy requires a restart of the KDC for the changes to take effect. Restart the KDC:
# service krb5kdc restart

20.2.2. Setting User-Level Ticket Policies

User-level Kerberos ticket policies are set using the same commands as global policies, but the user is specified in the command.
For example:
# ipa krbtpolicy-mod jsmith --maxlife=3600
  Max life: 3600

Important

User-level policies take effect immediately on the next requested ticket (such as running kinit), without having to restart the KDC service.
Red Hat logoGithubRedditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

© 2024 Red Hat, Inc.