Novell LINUX ENTERPRISE SERVER 11 - SECURITY Manual page 110

To configure ticket-related options in the Advanced Settings dialog, choose from the
following options:
• Specify the Default Ticket Lifetime and the Default Renewable Lifetime in days,
hours, or minutes (using the units of measurement d, h, and m, with no blank space
between the value and the unit).
• To forward your complete identity to use your tickets on other hosts, select For-
wardable.
• Enable the transfer of certain tickets by selecting Proxiable.
• Enable Kerberos authentication support for your OpenSSH client by selecting the
corresponding check box. The client then uses Kerberos tickets to authenticate with
the SSH server.
• Exclude a range of user accounts from using Kerberos authentication by providing
a value for the Minimum UID that a user of this feature must have. For instance,
you may want to exclude the system administrator (root).
• Use Clock Skew to set a value for the allowable difference between the time stamps
and your host's system time.
• To keep the system time in sync with an NTP server, you can also set up the host
as an NTP client by selecting NTP Configuration, which opens the YaST NTP
client dialog that is described in Section "Configuring an NTP Client with YaST"
(Chapter 21, Time Synchronization with NTP, ↑Administration Guide). After fin-
ishing the configuration, YaST performs all the necessary changes and the Kerberos
client is ready for use.
96 Security Guide