RupaJ
Lapis Lazuli | Level 10

Hello,

We have IWA/SSO enabled on our SAS servers. So any time a user logs in to SAS Enterprise Guide, a Kerberos ticket is generated, and that is valid only for 10 hours. After 10 hours, the users are required to log in to a new session. Now, there are some SAS programs that run for more than 10 hours. In that case, is there a way to generate a Kerberos ticket that is valid for X hours from a SAS program so they don't fail due to lack of a valid ticket? Is the same scenario possible on a SAS Linux server?

Another question is -- Is it possible to automate generating the Kerberos tickets for users once the old ones expire, instead of requiring them to log in to a new session?

2 REPLIES
alexal
SAS Employee

@RupaJ,

The default domain policy for "Maximum lifetime for service ticket" is 600 minutes. You need to contact your Windows/Kerberos administrator and increase the value in that option.

Another question is -- Is it possible to automate generating the Kerberos tickets for users once the old ones expire, instead of requiring them to log in to a new session?

Yes, you can do that via an SSH script, but ticket renewal requires a user keytab.
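
One way to script the renewal described in the reply above, as an added example that is not part of the original post and not SAS's own tooling. It assumes an MIT or Heimdal `kinit` on the Linux server; the keytab path, the principal and the file name `renew_ticket.sh` are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): refresh a Kerberos TGT from cron.
# KEYTAB, PRINCIPAL and the file name renew_ticket.sh are placeholders.
KEYTAB="${KEYTAB:-/path/to/user.keytab}"
PRINCIPAL="${PRINCIPAL:-user@EXAMPLE.COM}"

# A keytab is a password equivalent. Accept it only if it is a regular,
# readable file with no group/other permission bits (e.g. mode 0600).
keytab_is_private() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        -???------*) return 0 ;;   # type '-', any owner bits, no group/other
        *)           return 1 ;;
    esac
}

# Prints the path taken: renewed | reissued | keytab-unsafe | failed
refresh_ticket() {
    # 1. Cheapest path: renew the existing TGT (works only while the
    #    ticket is renewable and inside its renewable lifetime).
    if kinit -R 2>/dev/null; then
        echo renewed; return 0
    fi
    # 2. Fall back to a fresh TGT from the keytab, after checking the file.
    if ! keytab_is_private "$KEYTAB"; then
        echo keytab-unsafe; return 2
    fi
    if kinit -k -t "$KEYTAB" "$PRINCIPAL"; then
        echo reissued; return 0
    fi
    echo failed; return 1
}

# Run only when executed under its own name, e.g. from cron.
case "$0" in
    *renew_ticket.sh) refresh_ticket ;;
esac
```

Schedule it at an interval shorter than the ticket lifetime. The script only refreshes the credential cache of the account it runs as.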

sselvakumars
Calcite | Level 5

Question on the same topic. I know running the kinit command would refresh the session key for the current Kerberos ticket. But I am wondering what happens when this occurs during SAS Hive batch job processing, as the job is still running with the old session key. Does it use the same ticket with the new session key for authentication again?