Is there a way of extending the Kerberos ticket lifespan when logging in via AD?

[fatherzimfire]

I have an AD/OD triangle environment, and clients on 10.5 and 10.6

If I log in through AD (or unlock the screensaver), the ticket renews for another 10 hours, but the lifespan of the ticket only seems to last for 24 hours in total…
The people that always log off or reboot their machines daily always have a valid ticket, but those that don’t have the issue of their tickets expiring.

However, if I manually initiate a new ticket (either from the “ticket viewer” app or by using kinit on the command line) it is renewable for a period of 7 days (which is preferable).
Does anyone know of a way to change this so that the default period of the ticket is the maximum?

I am aware of http://support.apple.com/kb/HT4100 although the article seems irrelevant as a valid ticket is being obtained on login (it just doesn’t last as long as it does when obtained from kinit).

Any advice appreciated.

FZ

[Author]

Posts