[squid-users] Re: Kerberos authentication resets every 1/2 hour

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Thu, 3 Sep 2009 19:41:24 +0100

"??????? ?????????" <undelborg_at_gmail.com> wrote in message
news:cf132a050909030128ke05b19bl5cfc7e0f6ac81d1c_at_mail.gmail.com...
> I've configured Kerberos authentication for users in AD, but there is
> one problem: after half an hour IE7 "forgets" about Kerberos and tries
> to use NTLM. User have to restart IE7 to use Kerberos again. What
> parameter is responsible for Kerberos authentication lifetime?
>

AD can set lifetimes, but usually that is 10 hours renewable for a week.
You can see the values of the ticket with the MS tool kerbtray. You also
can look at the Kerberos traffic on port 88 with Wireshark. With Wireshark
you should see when you login to your Desktop a AS req/rep for your login id
and when you start using IE you should see a TGS req/rep for
HTTP/<proxy-fqdn>.

Regards
Markus

> --
> Best regards,
> Dmitry
>
Received on Thu Sep 03 2009 - 18:42:19 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 04 2009 - 12:00:02 MDT