[588] in Kerberos
extended ticket lifetimes
daemon@TELECOM.MIT.EDU (John T Kohl)
Tue Jan 10 16:34:01 1989
From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
To: kerberos@ATHENA.MIT.EDU
Is it an acceptable option to allow each site to decide whether to
support the proposed extended ticket lifetimes (Ted Anderson proposed
taking the upper half of the lifetime values and using them to index a
lifetime table to yield a wider range of lifetime values)?
Each site would compile their software with either the linear lifetimes
or the table-based lifetimes. Within a realm, there would be no
discernable problems. Inter-realm tickets, however, might not be valid
as long as the lifetime indicates, or might be valid longer or shorter
(the remote KDC, if it doesn't use the same conventions, could generate
tickets with effective lifetimes not matching the expectations of the
requestor). The ultimate determinant of ticket validity would still be
the service provider, who would check the lifetimes according to the
rules with which it was compiled.
Comments?
John
