Manualshelf

OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
451452453454455456457458459460
Maintaining Policies and Properties
where hours is a number that indicates the number of hours before a principal’s ticket-
granting ticket expires.
Note that you can set this time for individual accounts by using the account modify
command.
35.1.2.2 Maximum Ticket Lifetime
The maximum ticket lifetime (maxtktlife attribute) is the maximum amount of time in
hours that a ticket issued to a principal is valid. When a client requests a ticket to a
server, the lifetime that is granted to the ticket takes into account the maximum ticket
lifetime that is set for both the server and the client. The lifetime that is granted will not
exceed the shorter of the server’s and client’s maximum ticket lifetime.
You define maximum ticket lifetime with the dcecp maxtktlife attribute in the
following form:
maxtktlife hours
where hours is a number that indicates the number of hours that a ticket issued to a
principal is valid.
The shorter you make the maximum ticket lifetime, the greater the security of the
system. However, extremely frequent renewal can cause processing overhead. The
maximum ticket lifetime that you set needs to take into consideration system
performance and the level of security that you require.
Note that you can set this time for individual accounts by using the account modify
command.
35.1.3 Handling Conflicting Policies
Different standard and authentication policies can be in effect for the registry as a whole
and for individual organizations (for standard policy) and accounts (for authentication
policy). If the policy that is set for the registry as a whole differs from the policy that is
set for an individual organization or account, the stricter policy applies. For example,
suppose registry policy specifies a minimum password length of six characters and
policy for the organization named classic specifies eight characters. If you create the
account bach cantata classic, the stricter policy (in this case, the organization policy)
applies, and the account password must be at least eight characters long. Table 35-1 lists
the stricter policy for each policy type.
124243 Tandem Computers Incorporated 355