Details
New Feature
Status: Open
Minor
Resolution: Unresolved
Description
The various Kerberos schemas specify configuration at a number of levels, such as per Client, per Realm, and per KDC, and across a number of configuration options. This configuration will come from the file system or the Eve backing store. In order to hide the resulting complexity from the KDC services, we'll encapsulate this logic in a Configuration Manager and expose it to the KDC services using the Java Preferences API.
Some examples of configuration options are:
Per encryption system secret key
Secret key expiration
Minimum supported lifetime
Maximum renewable lifetime (renewtill - starttime)
Maximum allowable lifetime (endtime - starttime)
Allow empty address fields
Allow proxiable ticket requests
Allow forwardable ticket requests
Allow renewable ticket requests
Allow postdated ticket requests
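A sketch of how the per-KDC, per-realm and per-client levels could map onto a Preferences node tree, added here as an illustration and not taken from the project's code. The key names (`maximumAllowableLifetime`, `allowForwardable`), the realm and client names, and the "most restrictive level wins, unset means deny" resolution policy are assumptions; the issue does not define them.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.prefs.AbstractPreferences;
import java.util.prefs.Preferences;

public class KdcConfigExample {
    // In-memory Preferences node: values live in a map, nothing is persisted.
    static class MemPrefs extends AbstractPreferences {
        private final Map<String, String> values = new HashMap<>();
        MemPrefs(AbstractPreferences parent, String name) { super(parent, name); }
        protected void putSpi(String k, String v) { values.put(k, v); }
        protected String getSpi(String k) { return values.get(k); }
        protected void removeSpi(String k) { values.remove(k); }
        protected void removeNodeSpi() { values.clear(); }
        protected String[] keysSpi() { return values.keySet().toArray(new String[0]); }
        protected String[] childrenNamesSpi() { return new String[0]; } // children are cached by the base class
        protected AbstractPreferences childSpi(String n) { return new MemPrefs(this, n); }
        protected void syncSpi() { } protected void flushSpi() { }
    }
    // Assumed policy: the smallest lifetime set at any level applies, capped by 'ceiling'.
    static long effectiveSeconds(Preferences client, String key, long ceiling) {
        long result = ceiling;
        for (Preferences n = client; n != null; n = n.parent())
            result = Math.min(result, n.getLong(key, result));
        return result;
    }
    // Assumed policy: allowed only if some level sets the flag and no level sets it to false.
    static boolean allowed(Preferences client, String key) {
        boolean seen = false;
        for (Preferences n = client; n != null; n = n.parent()) {
            String v = n.get(key, null);
            if (v != null && !Boolean.parseBoolean(v)) return false;
            seen |= v != null;
        }
        return seen;
    }
    public static void main(String[] args) {
        Preferences kdc = new MemPrefs(null, "");        // per-KDC level (tree root)
        Preferences realm = kdc.node("EXAMPLE.COM");     // per-realm level (constructed name)
        Preferences client = realm.node("alice");        // per-client level (constructed name)
        kdc.putLong("maximumAllowableLifetime", 86400);
        realm.putLong("maximumAllowableLifetime", 36000);
        client.putLong("maximumAllowableLifetime", 72000); // looser than the realm, so the realm value applies
        kdc.putBoolean("allowForwardable", true);
        realm.putBoolean("allowForwardable", false);     // realm forbids forwardable tickets
        client.putBoolean("allowForwardable", true);     // client entry cannot re-enable it
        System.out.println(effectiveSeconds(client, "maximumAllowableLifetime", 86400));
        System.out.println(allowed(client, "allowForwardable"));
    }
}
```

Walking `parent()` from the client node keeps the level lookup inside the manager, so a KDC service only asks for the effective value and a per-client entry cannot loosen realm or KDC policy.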