RE: Kerberos Policy Settings

From: OIF (anonymous_at_discussions.microsoft.com)
Date: 04/29/04

• Next message: Beth Bergin: "Re: Domain Audit Policy not applying to one server"
• Previous message: OIF: "RE: User unable to change Password"
• In reply to: Frank Pesce: "Kerberos Policy Settings"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 29 Apr 2004 12:36:03 -0700

Frank,

You must decide if this settings are acceptable in the environment that you are running, but some accepted settings for Kerberos Policies are:
"Enforce user logon restrictions" "Enabled"
"Max Lifetime for Serv ticket" "600 Minutes" or less
"Max Lifetime for User ticket" "10 Hours" or less
"Max Lifetime for User ticket renewal" "7 Days" or less
"Max tolerance for Computer Clock Sync" " 5 Min" or less

You may apply this settings, but like any settings in your domain, you must research them and understand what they do.

OIF

• Next message: Beth Bergin: "Re: Domain Audit Policy not applying to one server"
• Previous message: OIF: "RE: User unable to change Password"
• In reply to: Frank Pesce: "Kerberos Policy Settings"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: static props and methods = global variables?? ... > I think it's also worth considering lifetime as well. ... >> use a singleton for application settings. ... maintainability costs businesses more than performance in most scenarios. ... acceptable caching method, is unwise. ... (microsoft.public.dotnet.framework) Re: help me about encrypting WMV file with WMFSDK ... Also the SDK says the lifetime if your settings persist with the ... IWMDRMReader pointer null all your DRM settings. ... > you help me to figure out the erroneous configurations? ... (microsoft.public.windowsmedia.sdk)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint