Connected: An Internet Encyclopedia
RFC 1510 - 4.4. Site Constants
Top: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1510
Up: 4. The Kerberos Database
Prev: 4.3. Frequently Changing Fields
Next: 5. Message Specifications
4.4. Site Constants
The KDC implementation should have the following configurable
constants or options, to allow an administrator to make and enforce
policy decisions:
- The minimum supported lifetime (used to determine whether the
KDC_ERR_NEVER_VALID error should be returned). This constant
should reflect reasonable expectations of round-trip time to the
KDC, encryption/decryption time, and processing time by the client
and target server, and it should allow for a minimum "useful"
lifetime.
- The maximum allowable total (renewable) lifetime of a ticket
(renew_till - starttime).
- The maximum allowable lifetime of a ticket (endtime - starttime).
- Whether to allow the issue of tickets with empty address fields
(including the ability to specify that such tickets may only be
issued if the request specifies some authorization_data).
- Whether proxiable, forwardable, renewable or post-datable tickets
are to be issued.
Next: 5. Message Specifications
Connected: An Internet Encyclopedia
RFC 1510 - 4.4. Site Constants