Asaf Shazar
Reputation: 1065
Force Renew TGT
In my company we use AD and sleep in that case often the TGT been expire and not renew it.
So it asks again for authentication.
I looked over the network for solution and only found for linux and not for windows.
Is there any option to force renew. Idk like make the tgt ttl to expire in 5 min to force him expire quick and it will renew it?
Upvotes: 2
Views: 3899
Answers (1)
T-Heron
Reputation: 5594
This question seems a bit strangely worded. In Microsoft Windows Active Directory, Kerberos TGTs will auto-renew themselves so long as:
- AD account has not been disabled (or deleted).
- AD account password has not expired.
- AD account itself has not expired.
- AD account doesn't have "User must change password at next logon" flag.
If you want to force-renew your TGT you could:
- Log off and back on again
- Run the command klist purge. At the next access of any Kerberos-protected resource, a new TGT will be obtained, followed by a service ticket (ST) for that resource.
Upvotes: 2
Related Questions
- How can I renew Kerberos Ticket in Windows?
- Kerberos TGT renewal
- kerberos TGT explanation
- automate TGT renewal
- Kerberos Authentication always unsuccessful
- Java Kerberos ticket renew TGT
- Cannot retrieve TGT despite allowtgtsessionkey registry entry
- MIT Kerberos fails to locate TGT in MSLSA cache
- Cannot get TGT from AD
- Kerberos TGT Behaviour