From ddfa37cf4a3a1e371335717ba48cfa3dcf963ae7 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 29 Apr 2015 17:36:14 +0200 Subject: [PATCH] increased the tgt-freshness-time in examples --- doc/sample.config | 4 ++-- src/ocserv-args.def | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/sample.config b/doc/sample.config index 06c65007..cae947f9 100644 --- a/doc/sample.config +++ b/doc/sample.config @@ -27,7 +27,7 @@ # Group-Name, Framed-IPv6-Address, Framed-IPv6-Prefix, DNS-Server-IPv6-Address, # Framed-IP-Address, Framed-IP-Netmask, MS-Primary-DNS-Server, MS-Secondary-DNS-Server # -# gssapi[keytab=/etc/key.tab,require-local-user-map=false,tgt-freshness-time=360] +# gssapi[keytab=/etc/key.tab,require-local-user-map=true,tgt-freshness-time=900] # The gssapi option allows to use authentication methods supported by GSSAPI, # such as Kerberos tickets with ocserv. It should be best used as an alternative # to PAM (i.e., have pam in auth and gssapi in enable-auth), to allow users with @@ -47,7 +47,7 @@ auth = "plain[passwd=./sample.passwd]" # will be sufficient to login. #enable-auth = certificate #enable-auth = gssapi -#enable-auth = "gssapi[keytab=/etc/key.tab,require-local-user-map=true]" +#enable-auth = "gssapi[keytab=/etc/key.tab,require-local-user-map=true,tgt-freshness-time=900]" # Accounting methods available: # pam: can only be combined with PAM authentication method, it provides diff --git a/src/ocserv-args.def b/src/ocserv-args.def index a1810b4f..0f882d37 100644 --- a/src/ocserv-args.def +++ b/src/ocserv-args.def @@ -102,7 +102,7 @@ An example configuration file follows. # Group-Name, Framed-IPv6-Address, Framed-IPv6-Prefix, DNS-Server-IPv6-Address, # Framed-IP-Address, Framed-IP-Netmask, MS-Primary-DNS-Server, MS-Secondary-DNS-Server # -# gssapi[keytab=/etc/key.tab,require-local-user-map=false,tgt-freshness-time=360] +# gssapi[keytab=/etc/key.tab,require-local-user-map=false,tgt-freshness-time=900] # The gssapi option allows to use authentication methods supported by GSSAPI, # such as Kerberos tickets with ocserv. It should be best used as an alternative # to PAM (i.e., have pam in auth and gssapi in enable-auth), to allow users with @@ -122,7 +122,7 @@ An example configuration file follows. # will be sufficient to login. #enable-auth = certificate #enable-auth = gssapi -#enable-auth = "gssapi[keytab=/etc/key.tab,require-local-user-map=true]" +#enable-auth = "gssapi[keytab=/etc/key.tab,require-local-user-map=true,tgt-freshness-time=900]" # Accounting methods available: # pam: can only be combined with PAM authentication method, it provides