Re: How does authentication work?



Assuming that these two machines are authenticating via Kerberos, the maximum lifetime of a service ticket (by default) is 600 minutes (10 hours). This is configurable via Group Policy (Computer Configuration\Windows Settings\Security Settings\Kerberos Policy\Maximum Lifetime for a Service Ticket). The downside to increasing this amount is that a user may continue to access a resource long after their account is disabled, or some other threshold (like logon hours) is met.

I'm not a Kerberos expert so that's where my advice will stop.

--
Joseph T. Corey MCSE, Security+
Systems Administrator
jcorey@xxxxxxx
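To put the reply's point into a check an admin can run, here is an added example (not from either poster) that reads the [Kerberos Policy] section of a GptTmpl.inf security template, flags lifetimes raised above the Windows defaults, and computes the longest a disabled account could keep using a service under those values. The sample template text is constructed; the defaults and the SYSVOL path are from Windows, not from this thread.

```python
import configparser
from typing import Dict

# Defaults Windows writes into the Default Domain Policy (known values, not from the post).
# Units follow the template: MaxTicketAge in hours, MaxRenewAge in days, the other two in minutes.
KERBEROS_DEFAULTS = {"MaxTicketAge": 10, "MaxRenewAge": 7, "MaxServiceAge": 600, "MaxClockSkew": 5}

# Constructed sample of a GptTmpl.inf with the service ticket lifetime raised from 600 to 1440.
# A real file lives under SYSVOL\<domain>\Policies\<GPO GUID>\MACHINE\Microsoft\Windows NT\SecEdit\
# and is UTF-16 encoded, so open it with encoding="utf-16" before passing its text here.
SAMPLE_GPTTMPL = """\
[Unicode]
Unicode=yes
[Kerberos Policy]
MaxTicketAge = 10
MaxRenewAge = 7
MaxServiceAge = 1440
MaxClockSkew = 5
TicketValidateClient = 1
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_kerberos_policy(text: str) -> Dict[str, int]:
    """Return the integer settings of the [Kerberos Policy] section, or {} if it is absent."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key names exactly as written in the template
    cp.read_string(text)
    if not cp.has_section("Kerberos Policy"):
        return {}
    return {k: int(v) for k, v in cp.items("Kerberos Policy")}

def lifetimes_above_default(policy: Dict[str, int]) -> Dict[str, int]:
    """Settings raised above the Windows default: the longer a ticket stays valid,
    the longer a disabled account (or one outside its logon hours) keeps access."""
    return {k: v for k, v in policy.items()
            if k in KERBEROS_DEFAULTS and v > KERBEROS_DEFAULTS[k]}

def worst_case_stale_access_minutes(policy: Dict[str, int]) -> int:
    """Upper bound on continued access after an account is disabled: a TGT issued just
    before the change lasts MaxTicketAge hours, and a service ticket fetched with it at
    the last moment lasts a further MaxServiceAge minutes."""
    tgt_hours = policy.get("MaxTicketAge", KERBEROS_DEFAULTS["MaxTicketAge"])
    svc_minutes = policy.get("MaxServiceAge", KERBEROS_DEFAULTS["MaxServiceAge"])
    return tgt_hours * 60 + svc_minutes

if __name__ == "__main__":
    pol = parse_kerberos_policy(SAMPLE_GPTTMPL)
    print(lifetimes_above_default(pol), worst_case_stale_access_minutes(pol), "minutes")
```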


"The_Nite_Owl" <the_nite_owl@xxxxxxxxxxx> wrote in message news:%23Ira%23sEKIHA.4688@xxxxxxxxxxxxxxxxxxxxxxx
When a device attempts to connect to a shared drive on another server, it is the remote server that requests the credentials to authenticate the connection, right?
What determines how long the connection can remain before the remote server requests authentication again?

We have a Win 2003 server that maps drives to SAN sharespace through another Win 2003 server.
The drive mappings are made using a different set of credentials than the currently logged-on account.
Win 2003 server after SP1 no longer caches credentials for connections using a different account than the logon account.

When we boot our server the mappings are established, but the drives do not connect until you click on one of them in Windows Explorer, which pops up an ID/Password prompt (because it will not store the credentials). Once the credentials are entered the connection works. If the connection is unused for 15 minutes the remote server auto-disconnects the connection, as it should, but when the connection is accessed again it is re-established. This works as expected, but in something less than 48 hours the connection dies and clicking on the drive in Explorer pulls back an error. The mappings have to be deleted and re-added, which forces a new authentication prompt, and then the connection works again.

I believe that when the remote server receives valid authentication credentials that it sets the connection to be allowed from that remote device for a specified time after which it requires re-authentication which our server cannot provide because it does not cache credentials for connections using a different logon id/password.

What could be governing the time the connection can remain before needing re-authentication?
Our Network Engineering team just shrug their shoulders and say it is not on their end.


