Forum Discussion

Dany_Pepin_2308's avatar
Dany_Pepin_2308
Icon for Nimbostratus rankNimbostratus
Mar 16, 2016

Problem with kerberos ticket lifetime, ticket is not remove when user logoff

hi, we want to force expiration/deletion of kerberos user ticket. Im stick with the 10 minutes minimum value for ticketlifetime in Access Policy / SSO / Kerberos / my_kerberos_configuration. Default is 600 minutes and the minimum we can set is 10 minutes.

 

Our customer using the portal pay for service, since transaction is approve, we add the user in a active directory security group in order he can access the new service. We ask customer to logoff and login again to get access. The problem, is that the kerberos user ticket doesn't have the new group, until the ticketlifetime is reach, default, 600 minutes, now 10 minutes. Im looking for a way to force the removal of the user kerberos ticket in the F5 cache (or any solution that work without delay).

 

We have try /desk/hangup.php3 but only user session is remove, not kerberos ticket.

 

Config : VE LTM+APM 11.5.2

 

Any idea ? thank in advance and sorry for my bad english !