Because of the failure of Windows 2000 and Windows XP to perform proper

ticket expiration time management, the MS Kerberos LSA will return
tickets to a calling application with lifetimes as short as one second.
 Tickets with lifetimes less than five minutes can cause problems for
most apps.  Tickets with lifetimes less than 20 minutes will trigger the
Leash ticket lifetime warnings.

Instead of accepting whatever tickets are returned by MS LSA from the
cache, if the ticket lifetime is less than 20 minutes force a retrieval
operation bypassing the LSA ticket cache.

ticket: 1962
target_version: 1.3.2
tags: pullup
owner: jaltman@mit.edu
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15843 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 16 insertions, 0 deletions

diff --git a/src/windows/ms2mit/ChangeLog b/src/windows/ms2mit/ChangeLog
index 1c5a9c45f..f177bb41d 100644
--- a/src/windows/ms2mit/ChangeLog
+++ b/src/windows/ms2mit/ChangeLog
@@ -1,3 +1,19 @@
+2003-10-21  Jeffrey Altman <jaltman@mit.edu>
+
+    * ms2mit.c:
+
+    Because of the failure of Windows 2000 and Windows XP to perform 
+    proper ticket expiration time management, the MS Kerberos LSA will 
+    return tickets to a calling application with lifetimes as short as 
+    one second.  Tickets with lifetimes less than five minutes can cause 
+    problems for most apps.  Tickets with lifetimes less than 20 minutes 
+    will trigger the Leash ticket lifetime warnings.
+
+    Instead of accepting whatever tickets are returned by MS LSA from 
+    the cache, if the ticket lifetime is less than 20 minutes force a 
+    retrieval operation bypassing the LSA ticket cache.
+
+
 2003-07-16  Jeffrey Altman <jaltman@mit.edu>
 
     * ms2mit.c: