2.7 Disable Kerberos TGT Expiration Warning

Information

The Kerberos TGT warning service is used to warn users when their Kerberos tickets are about to expire or to renew those tickets before they expire. This service is not used if Kerberos has not been configured. This service is configured to be 'local only' by default.

Rationale:

This service should be disabled if it is not required.

Solution

To disable this service, run the following command:

# svcadm disable svc:/network/security/ktkt_warn

See Also

https://workbench.cisecurity.org/benchmarks/4777

Item Details

Category: SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CA-9, 800-53|SC-7, 800-53|SC-7(5), CSCv7|9.2

Plugin: Unix

Control ID: feb5e4945d72d30ba9baf8ef1c68d1aea9d1bcff2fdacb0dc3722ef5473483df