Connected: An Internet Encyclopedia
4.4. Site Constants
Up:
Connected: An Internet Encyclopedia
Up:
Requests For Comments
Up:
RFC 1510
Up:
4. The Kerberos Database
Prev: 4.3. Frequently Changing Fields
Next: 5. Message Specifications
4.4. Site Constants
4.4. Site Constants
The KDC implementation should have the following configurable
constants or options, to allow an administrator to make and enforce
policy decisions:
- The minimum supported lifetime (used to determine whether the
KDC_ERR_NEVER_VALID error should be returned). This constant
should reflect reasonable expectations of round-trip time to the
KDC, encryption/decryption time, and processing time by the client
and target server, and it should allow for a minimum "useful"
lifetime.
- The maximum allowable total (renewable) lifetime of a ticket
(renew_till - starttime).
- The maximum allowable lifetime of a ticket (endtime - starttime).
- Whether to allow the issue of tickets with empty address fields
(including the ability to specify that such tickets may only be
issued if the request specifies some authorization_data).
- Whether proxiable, forwardable, renewable or post-datable tickets
are to be issued.
Next: 5. Message Specifications
Connected: An Internet Encyclopedia
4.4. Site Constants