2.2.4.19 POLICY_DOMAIN_KERBEROS_TICKET_INFO

The POLICY_DOMAIN_KERBEROS_TICKET_INFO structure communicates policy information about the Kerberos security provider.

 typedef struct _POLICY_DOMAIN_KERBEROS_TICKET_INFO {
   unsigned long AuthenticationOptions;
   LARGE_INTEGER MaxServiceTicketAge;
   LARGE_INTEGER MaxTicketAge;
   LARGE_INTEGER MaxRenewAge;
   LARGE_INTEGER MaxClockSkew;
   LARGE_INTEGER Reserved;
 } POLICY_DOMAIN_KERBEROS_TICKET_INFO,
  *PPOLICY_DOMAIN_KERBEROS_TICKET_INFO;

AuthenticationOptions: Optional flags that affect validations performed during authentication.


 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0 VC  0  0  0  0  0  0  0

Where the bits are defined as:

Value: VC, POLICY_KERBEROS_VALIDATE_CLIENT (0x00000080)

Description: This is the only flag that is currently defined. When this bit is set, the AuthenticationOptions flag of the Key Distribution Center (KDC) configuration setting will be set to POLICY_KERBEROS_VALIDATE_CLIENT (as described in [MS-KILE] section 3.3.1). All other bits SHOULD be set to 0 and ignored upon receipt.

MaxServiceTicketAge: This is in units of 10^(-7) seconds. It corresponds to the Maximum ticket lifetime (as specified in [RFC4120] section 8.2) for service tickets only. The default value of this setting is 10 hours.

MaxTicketAge: This is in units of 10^(-7) seconds. It corresponds to the Maximum ticket lifetime (as specified in [RFC4120] section 8.2) for ticket-granting tickets (TGTs) only. The default value of this setting is 10 hours.

MaxRenewAge: This is in units of 10^(-7) seconds. It corresponds to the Maximum renewable lifetime, as specified in [RFC4120] section 8.2. The default value of this setting is one week.

MaxClockSkew: This is in units of 10^(-7) seconds. It corresponds to the Acceptable clock skew, as specified in [RFC4120] section 8.2. The default value of this setting is five minutes.

Reserved: The value of this field SHOULD be set to zero when sent or on receipt.
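
The following C code is an added example, not part of the specification: it converts the duration fields from units of 10^(-7) seconds to seconds, masks AuthenticationOptions down to the one defined flag, and reports where a policy is looser than the defaults listed above. The kerb_ticket_info stand-in (LARGE_INTEGER modelled as int64_t), the F_* finding bits, the function names, and the choice to treat values above the defaults as findings are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Portable stand-in for the structure above; LARGE_INTEGER is modelled
   as int64_t (assumption of this example, not the wire layout). */
typedef struct {
    uint32_t AuthenticationOptions;
    int64_t  MaxServiceTicketAge, MaxTicketAge, MaxRenewAge, MaxClockSkew;
    int64_t  Reserved;
} kerb_ticket_info;

#define POLICY_KERBEROS_VALIDATE_CLIENT 0x00000080u
#define TICKS_PER_SEC  10000000LL                          /* 10^-7 s units */
#define DEF_TICKET_AGE (10LL * 3600 * TICKS_PER_SEC)       /* 10 hours */
#define DEF_RENEW_AGE  (7LL * 24 * 3600 * TICKS_PER_SEC)   /* one week */
#define DEF_CLOCK_SKEW (5LL * 60 * TICKS_PER_SEC)          /* five minutes */

/* Hypothetical finding bits returned by audit_kerb_policy(). */
enum { F_UNDEFINED_BITS = 1, F_SERVICE_AGE = 2, F_TGT_AGE = 4,
       F_RENEW_AGE = 8, F_CLOCK_SKEW = 16, F_RESERVED = 32, F_NEGATIVE = 64 };

int64_t ticks_to_seconds(int64_t ticks) { return ticks / TICKS_PER_SEC; }

/* On receipt, every bit except the one defined flag is ignored. */
uint32_t effective_options(const kerb_ticket_info *p) {
    return p->AuthenticationOptions & POLICY_KERBEROS_VALIDATE_CLIENT;
}

/* Flags malformed fields and values looser than the documented defaults. */
unsigned audit_kerb_policy(const kerb_ticket_info *p) {
    unsigned f = 0;
    if (p->AuthenticationOptions & ~POLICY_KERBEROS_VALIDATE_CLIENT) f |= F_UNDEFINED_BITS;
    if (p->MaxServiceTicketAge < 0 || p->MaxTicketAge < 0 ||
        p->MaxRenewAge < 0 || p->MaxClockSkew < 0) f |= F_NEGATIVE;
    if (p->MaxServiceTicketAge > DEF_TICKET_AGE)   f |= F_SERVICE_AGE;
    if (p->MaxTicketAge > DEF_TICKET_AGE)          f |= F_TGT_AGE;
    if (p->MaxRenewAge > DEF_RENEW_AGE)            f |= F_RENEW_AGE;
    if (p->MaxClockSkew > DEF_CLOCK_SKEW)          f |= F_CLOCK_SKEW;
    if (p->Reserved != 0)                          f |= F_RESERVED;
    return f;
}

int main(void) {
    /* Constructed sample: 24-hour TGTs, 30-minute skew, one undefined bit set. */
    kerb_ticket_info s = { 0x00000081u, DEF_TICKET_AGE, 24LL * 3600 * TICKS_PER_SEC,
                           DEF_RENEW_AGE, 30LL * 60 * TICKS_PER_SEC, 0 };
    printf("TGT %lld s, skew %lld s, findings 0x%02x, options 0x%08x\n",
           (long long)ticks_to_seconds(s.MaxTicketAge),
           (long long)ticks_to_seconds(s.MaxClockSkew),
           audit_kerb_policy(&s), (unsigned)effective_options(&s));
    return 0;
}
```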