Source code of Windows XP (NT5)

If you make a change, please add when this change was checked in, what build number etc.
Registry entries that Kerberos is interested in:
The following are in HKLM\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
At boot, these registry entries are read and stored in globals
=============================================================================
Value "SkewTime" , Type REG_DWORD
Whatever it's set to will be the Skew time in minutes, default is KERB_DEFAULT_SKEWTIME minutes
#define KERB_DEFAULT_SKEWTIME 5
EXTERN TimeStamp KerbGlobalSkewTime;
This is the time difference that's tolerated between one machine and the
machine that you are trying to authenticate (dc/another wksta etc).
Units are in 10 ** 7 seconds. If this is a checked build, default is 2 hours.
=============================================================================
Value "LogLevel", Type REG_DWORD
If it's set to anything non-zero, all Kerberos errors will be logged in the
system event log. Default is KERB_DEFAULT_LOGLEVEL
#define KERB_DEFAULT_LOGLEVEL 0
KerbGlobalLoggingLevel saves this value.
=============================================================================
Value "MaxPacketSize" Type REG_DWORD
Whatever this is set to will be max size that we'll try udp with. If the
packet size is bigger than this value, we'll do tcp. Default is
KERB_MAX_DATAGRAM_SIZE bytes
#define KERB_MAX_DATAGRAM_SIZE 2000
KerbGlobalMaxDatagramSiz saves this value
=============================================================================
Value "StartupTime" Type REG_DWORD
In seconds. Wait for the specified number of seconds for the KDC to start
before giving up. Default is KERB_KDC_WAIT_TIME seconds.
#define KERB_KDC_WAIT_TIME 120
KerbGlobalKdcWaitTime saves this value.
=============================================================================
Value "KdcWaitTime" Type REG_DWORD
In seconds. Value passed to winsock as timeout for selecting a response from
a KDC. Default is KerbGlobalKdcCallTimeout seconds.
#define KERB_KDC_CALL_TIMEOUT 10
KerbGlobalKdcCallTimeout saves this value
=============================================================================
Value "KdcBackoffTime" Type REG_DWORD
In seconds. Value that is added to KerbGlobalKdcCallTimeout each successive
call to a KDC in case of a retry. Default is KERB_KDC_CALL_TIMEOUT_BACKOFF
seconds.
#define KERB_KDC_CALL_TIMEOUT_BACKOFF 10
KerbGlobalKdcCallBackoff saves this value.
=============================================================================
Value "KdcSendRetries" Type REG_DWORD
The number of retry attempts a client will make in order to contact a KDC.
Default is KERB_MAX_RETRIES
#define KERB_MAX_RETRIES 3
KerbGlobalKdcSendRetries saves this value
=============================================================================
Value "DefaultEncryptionType" Type REG_DWORD
The default encryption type for PreAuth. As of beta3, this was
KERB_ETYPE_RC4_HMAC_OLD
#ifndef DONT_SUPPORT_OLD_TYPES
KerbGlobalDefaultPreauthEtype = KERB_ETYPE_RC4_HMAC_OLD;
#else
KerbGlobalDefaultPreauthEtype = KERB_ETYPE_RC4_HMAC_NT;
#endif
KerbGlobalDefaultPreauthEtype saves this value
=============================================================================
Value "UseSidCache" Type REG_BOOL
Flag decides whether we use Sids instead of names. Sid lookups are faster
for SAM at the server end. Default is KERB_DEFAULT_USE_SIDCACHE
#define KERB_DEFAULT_USE_SIDCACHE FALSE
KerbGlobalUseSidCache saves this value
=============================================================================
Value "FarKdcTimeout" Type REG_DWORD
Time in minutes. This timeout is used to invalidate a dc that is in the dc
cache for the Kerberos clients for dc's that are not in the same site as the
client. Default is KERB_BINDING_FAR_DC_TIMEOUT minutes.
#define KERB_BINDING_FAR_DC_TIMEOUT 10
KerbGlobalFarKdcTimeout saves this value as a TimeStamp ( 10000000 * 60 * number of minutes).
=============================================================================
Value "StronglyEncryptDatagram" Type REG_BOOL
Flag decides whether we do 128 bit encryption for datagram. Default is
KERB_DEFAULT_USE_STRONG_ENC_DG
#define KERB_DEFAULT_USE_STRONG_ENC_DG FALSE
KerbGlobalUseStrongEncryptionForDatagram saves this value.
=============================================================================
Value "MaxReferralCount" type REG_DWORD
Is count of how many KDC referrals client will follow before giving up.
Default is KERB_MAX_REFERRAL_COUNT = 6
KerbGlobalMaxReferralCount saves this value
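
=============================================================================
Added example (not part of the original file or of the Kerberos package source): a small C program that turns the documented defaults into the quantities someone reviewing this key cares about, namely the skew window as a TimeStamp, the worst-case wait on an unresponsive KDC, and the UDP/TCP cutover. The function names, the absolute-difference skew check, and treating KdcSendRetries as the total number of sends are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Defaults copied from the readme above. */
#define KERB_DEFAULT_SKEWTIME         5    /* minutes */
#define KERB_KDC_CALL_TIMEOUT         10   /* seconds */
#define KERB_KDC_CALL_TIMEOUT_BACKOFF 10   /* seconds */
#define KERB_MAX_RETRIES              3
#define KERB_MAX_DATAGRAM_SIZE        2000 /* bytes */

/* TimeStamp ticks per second, from "10000000 * 60 * number of minutes". */
#define TICKS_PER_SECOND 10000000LL

/* Convert a registry value in minutes to TimeStamp ticks. */
int64_t minutes_to_timestamp(uint32_t minutes) {
    return TICKS_PER_SECOND * 60 * (int64_t)minutes;
}

/* Assumed check: accept when |client - server| is within the skew window. */
int within_skew(int64_t client, int64_t server, uint32_t skew_minutes) {
    int64_t delta = client > server ? client - server : server - client;
    return delta <= minutes_to_timestamp(skew_minutes);
}

/* Worst-case seconds spent waiting on a silent KDC: the timeout grows by
 * `backoff` on each successive call. `attempts` is assumed to be the total
 * number of sends. */
uint32_t worst_case_wait_seconds(uint32_t timeout, uint32_t backoff,
                                 uint32_t attempts) {
    uint32_t total = 0;
    for (uint32_t i = 0; i < attempts; i++)
        total += timeout + i * backoff;
    return total;
}

/* "If the packet size is bigger than this value, we'll do tcp." */
int use_tcp(uint32_t packet_size, uint32_t max_datagram) {
    return packet_size > max_datagram;
}

int main(void) {
    printf("skew window: %lld ticks\n",
           (long long)minutes_to_timestamp(KERB_DEFAULT_SKEWTIME));
    printf("worst-case KDC wait: %u s\n",
           worst_case_wait_seconds(KERB_KDC_CALL_TIMEOUT,
                                   KERB_KDC_CALL_TIMEOUT_BACKOFF,
                                   KERB_MAX_RETRIES));
    printf("2001-byte request uses %s\n",
           use_tcp(2001, KERB_MAX_DATAGRAM_SIZE) ? "tcp" : "udp");
    return 0;
}
```

Feeding the values found in a machine's Parameters key into these functions shows how far a non-default SkewTime widens the accepted clock difference compared with the 5-minute default.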