Path: utzoo!attcan!uunet!cs.utexas.edu!tut.cis.ohio-state.edu!ucbvax!decwrl!shelby!ATHENA.MIT.EDU!chariot
From: chariot@ATHENA.MIT.EDU (Mark Lillibridge)
Newsgroups: comp.protocols.kerberos
Subject: Proposal for long-lived revocable tickets.
Message-ID: <8907241816.AA10712@VULCAN.MIT.EDU>
Date: 24 Jul 89 18:16:30 GMT
References: <8907211824.AA01770@prune.bbn.com>
Sender: daemon@shelby.Stanford.EDU
Reply-To: chariot@athena.mit.edu
Organization: The Internet
Lines: 22

> From: Rich Salz
> Date: Fri, 21 Jul 89 14:24:15 EDT
>
> >Send mail if ticket lifetime greater than say 7 days
> Ick. I'd hate to see this kind of policy put into a protocol...

Err... I really meant that as a suggested implementation feature as
opposed to protocol. Even then, it was only a suggestion. Since
getting a very long ticket is a big security risk, it should be brought
to the user's or to the administrator's attention.

> I want to be able to have non-revocable infinite tickets; my client and
> server will conspire so that they won't be used for more than a single
> transaction that lasts for 30 days. Is this possible?

My proposal allowed this although the above 'feature' would send
you mail warning you every time you obtained such tickets. Out of
curiosity, what application did you have in mind?

- Mark Lillibridge
MIT Project Athena