Github user radarwave commented on a diff in the pull request:
https://github.com/apache/incubator-hawq-docs/pull/131#discussion_r143955400
--- Diff: markdown/clientaccess/kerberos.html.md.erb ---
@@ -515,6 +516,53 @@ Valid starting Expires Service principal
After generating a ticket, you can connect to a HAWQ database as a kerberos-authenticated
user using `psql` or other client programs.
+### <a id="change_ticket"></a>Changing the Ticket Renewal Interval
+
+The lifetime of the Kerberos ticket may need to be changed. The ticket lifetime is the
minimum of the following values:
+
+* `max_life` in `kdc.conf` on the KDC servers.
--- End diff --
This is one of the issue user hits, and possible a common issue for integrate HAWQ with
AD KDC, so we'd better keep it.
But I think we don't need to talk details of how to setup '/etc/krb5kdc/kdc.conf', just
doc how to set 'server_ticket_renew_interval' for HAWQ and explain why this change is needed
should be enough.
---
|