[770] in Kerberos

Proposal for long-lived revocable tickets.

daemon@TELECOM.MIT.EDU (Mark Lillibridge)
Mon Jul 24 14:24:17 1989

From: Mark Lillibridge <chariot@ATHENA.MIT.EDU>
To: rsalz@BBN.COM
Cc: Kerberos@ATHENA.MIT.EDU, krb-protocol@ATHENA.MIT.EDU
In-Reply-To: Rich Salz's message of Fri, 21 Jul 89 14:24:15 EDT <8907211824.AA01770@prune.bbn.com>
Reply-To: chariot@ATHENA.MIT.EDU


>   From: Rich Salz <rsalz@bbn.com>
>   Date: Fri, 21 Jul 89 14:24:15 EDT
>
>   >Send mail if ticket lifetime greater than say 7 days
>   Ick.  I'd hate to see this kind of policy put into a protocol...

	Err...  I really meant that as a suggested implementation
feature as opposed to protocol.  Even then, it was only a suggestion.
Since getting a very long ticket is a big security risk, it should be
brought to the user's or to the administrator's attention.

>   I want to be able to have non-revocable infinite tickets; my client and
>   server will conspire so that they won't be used for more than a single
>   transaction that lasts for 30 days.  Is this possible?

	My proposal allowed this although the above 'feature' would send
you mail warning you every time you obtained such tickets.  Out of
curiosity, what application did you have in mind?

						- Mark Lillibridge
						  MIT Project Athena
