Subject: | windows ms2mit.exe: do not allow MS LSA to provide tickets with short lifetimes |
Because of the failure of Windows 2000 and Windows XP to perform proper
ticket expiration time management, the MS Kerberos LSA will return
tickets to a calling application with lifetimes as short as one second.
Tickets with lifetimes less than five minutes can cause problems for
most apps. Tickets with lifetimes less than 20 minutes will trigger the
Leash ticket lifetime warnings.
Instead of accepting whatever tickets are returned by MS LSA from the
cache, if the ticket lifetime is less than 20 minutes force a retrieval
operation bypassing the LSA ticket cache.
ticket expiration time management, the MS Kerberos LSA will return
tickets to a calling application with lifetimes as short as one second.
Tickets with lifetimes less than five minutes can cause problems for
most apps. Tickets with lifetimes less than 20 minutes will trigger the
Leash ticket lifetime warnings.
Instead of accepting whatever tickets are returned by MS LSA from the
cache, if the ticket lifetime is less than 20 minutes force a retrieval
operation bypassing the LSA ticket cache.