Solved

Kerberos ticket expiration

Posted on 2004-08-06
5
1,059 Views
Last Modified: 2013-12-19
Hello.

How does one address a Kerberos ticket expiration on Windows 2000 server?  Any suggestions.
This shows up on my auditing from the event logs.
0
Comment
Question by:g000se
  • 3
  • 2
5 Comments
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
Comment Utility
Windows 2000 automatically manages the Kerberos ticket cache for connections to all network services. Tickets have an expiration time and occasionally need to be renewed. Ticket expiration and renewal are handled by the Kerberos security provider and associated application services. Most services, such as the file system Redirector, automatically keep session tickets up-to-date. Regular ticket renewal gives added session security by changing the session keys periodically. ---- Secure Networking Using Windows 2000 Distributed Security Services
0
 
LVL 11

Author Comment

by:g000se
Comment Utility
So how could I fix this or should I leave it the way it is.
0
 
LVL 37

Accepted Solution

by:
Bing CISM / CISSP earned 175 total points
Comment Utility
"If a client presents an expired session ticket when requesting a connection to a server, the server returns an error message. The client must request a new session ticket from the KDC. Once a connection is authenticated, however, it no longer matters whether the session ticket remains valid. Session tickets are used only to authenticate new connections with servers. Ongoing operations are not interrupted if the session ticket used to authenticate the connection expires during the connection.

If a client presents an outdated TGT when requesting a session ticket from the KDC, the KDC responds with an error message. The client must request a new TGT, and to do that it needs the user's long-term key. If the client did not cache the user's long-term key during the initial logon process, the client may have to ask the user for a password and derive the long-term key."

Windows 2000 Kerberos Authentication
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/kerberos.mspx
0
 
LVL 11

Author Comment

by:g000se
Comment Utility
Thanks again for your help.  It makes sense.
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
Comment Utility
glad to help :)
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now