Table of Contents
Advertisement
WLAN
Enables or disables Kerberos:
ADAPTER,
store kerberos opts [-]auth
WLAN
Sets the maximum allowable amount of clock skew in seconds
or minutes that Kerberos authentication will tolerate before
assuming that a Kerberos message is invalid:
store kerberos config clockskew <clock_skew><s|m>
The time units cannot be mixed and there must at least be one
space between the <renew_life_time> value and the time unit
(s or m). The default is 300 seconds, (i.e. five minutes). The
minimum allowable value is 60 seconds (i.e. 1 minute). The
maximum allowable value is 900 seconds (i.e. 15 minutes).
NOTE: The Microsoft step-by-step Guide to Kerberos 5 (krb5 1.0)
WLAN
Sets the maximum allowable ticket lifetime in seconds, minutes,
ADAPTER,
hours, or days:
WLAN
store kerberos config tktlife <life_time> <s|m|h|d>
<life_time> is between 300 seconds and 259200 seconds (3
days). The time units cannot be mixed and there must be at
least one space between the <life_time> value and the time
units (s, m, h, or d). Default value is 43200 seconds.
WLAN
Sets the maximum allowable renewable lifetime in seconds,
ADAPTER,
minutes, hours, or days:
WLAN
store kerberos config renewlife <renew_life_time>
<s|m|h|d>
<renew_life_time> is 0 (i.e. no limit) or between 300 seconds
and 604800 seconds (7 days). The time units cannot be mixed
and there must be at least one space between the
<renew_life_time> value and the time unit (s, m, h, or d).
Default value is 0.
Interoperability recommends that your system clock be
sychronized within two minutes to the KDC system's clock.
Otherwise, clock skew errors will cause Kerberos
authentication to fail. If this is the case, the clock skew
default may need to scale down to two minutes.
Store Commands
311
Advertisement
Table of Contents
Troubleshooting
