From 8a485a0012d1e5b2374685e989ca5a2517338a91 Mon Sep 17 00:00:00 2001 From: Nicole Rappe Date: Thu, 14 Nov 2024 21:58:34 -0700 Subject: [PATCH] Update Servers & Workflows/Linux/Automation/Puppet/Puppet Bolt.md --- .../Linux/Automation/Puppet/Puppet Bolt.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Servers & Workflows/Linux/Automation/Puppet/Puppet Bolt.md b/Servers & Workflows/Linux/Automation/Puppet/Puppet Bolt.md index 03312d4..d168396 100644 --- a/Servers & Workflows/Linux/Automation/Puppet/Puppet Bolt.md +++ b/Servers & Workflows/Linux/Automation/Puppet/Puppet Bolt.md @@ -135,7 +135,7 @@ We need to configure Kerberos to know how to reach the domain, this is achieved default_realm = BUNNY-LAB.IO dns_lookup_realm = false dns_lookup_kdc = false - ticket_lifetime = 24h + ticket_lifetime = 7d forwardable = true [realms] @@ -162,13 +162,13 @@ klist ``` ??? example "Example Output of `klist`" - You should expect to see output similar to the following. Finding a way to ensure the Kerberos tickets live longer is still under research, as 24 hours is not exactly practical for long-term deployments. + You should expect to see output similar to the following. Finding a way to ensure the Kerberos tickets live longer is still under research, as 7 days is not exactly practical for long-term deployments. ``` [root@lab-puppet-01 bolt-lab]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: nicole.rappe@BUNNY-LAB.IO Valid starting Expires Service principal - 11/14/2024 21:19:44 11/15/2024 07:19:44 krbtgt/BUNNY-LAB.IO@BUNNY-LAB.IO - renew until 11/15/2024 21:19:40 + 11/14/2024 21:57:03 11/15/2024 07:57:03 krbtgt/BUNNY-LAB.IO@BUNNY-LAB.IO + renew until 11/21/2024 21:57:03 ``` \ No newline at end of file