Registry Settings for Kerberos v5 Credentials Provider and Kerberos 5 Identity Provider

This document describes the registry settings for Kerberos v5 Credentials Provider and Kerberos 5 Identity Provider. Configuration information can be maintained in both the user and machine registry hives. If a single setting is defined in both the user and machine hives, the user setting will override the machine setting.

Krb5Cred

Registry path: HKCU|HKLM\Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Cred

Kerberos V Credentials Provider

Module

Type: REG_SZ

Default: MITKrb5

Description

Type: REG_SZ

Default: Kerberos V Credentials Provider

Type

Type: REG_DWORD

Default: 1

Flags

Type: REG_DWORD

Default: 0

Parameters

Registry path: HKCU|HKLM\Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Cred\Parameters

Parameters for KrbCred

CreateMissingConfig

Type: REG_DWORD

Default: 0

Create missing configuration files

MsLsaImport

Type: REG_DWORD

Default: 1

Automatically import MSLSA credentials: 0-never 1-always 2-if principle matches

MsLsaList

Type: REG_DWORD

Default: 1

Include MSLSA in the credentials list

FileCCList

Type: REG_SZ

Default:

List of file CCaches to include in listing

AutoRenewTickets

Type: REG_DWORD

Default: 1

Automatically renew expiring tickets

DefaultLifetime

Type: REG_DWORD

Default: 36000

Default ticket lifetime

MaxLifetime

Type: REG_DWORD

Default: 86400

Maximum lifetime

MinLifetime

Type: REG_DWORD

Default: 60

Minimum lifetime

Forwardable

Type: REG_DWORD

Default: 1

Obtain forwardable tickets (boolean)

Proxiable

Type: REG_DWORD

Default: 0

Obtain proxiable tickets (boolean)

Addressless

Type: REG_DWORD

Default: 1

Obtain addressless tickets (boolean)

PublicIP

Type: REG_DWORD

Default: 0

Additional public IP address to use (int32)

Renewable

Type: REG_DWORD

Default: 1

Obtain renewable tickets (boolean)

DefaultRenewLifetime

Type: REG_DWORD

Default: 604800

Default renewable lifetime

MaxRenewLifetime

Type: REG_DWORD

Default: 2592000

Maximum renewable lifetime

MinRenewLifetime

Type: REG_DWORD

Default: 60

Maximum renewable lifetime

UseFullRealmList

Type: REG_DWORD

Default: 0

Use the full list of realms in the New Creds dialog

LRURealms

Type: REG_SZ

Default:

LRUPrincipals

Type: REG_SZ

Default:

LastDefaultIdent

Type: REG_SZ

Default:

Last known default identity

PromptCacheLifetime

Type: REG_DWORD

Default: 172800

Lifetime of the prompt cache in seconds

DefaultCCName

Type: REG_SZ

Default:

Default CC name (only per identity)

DefaultToFileCache

Type: REG_DWORD

Default: 0

If no DefaultCCName is specified for an identity, use a generated FILE: cache instead of an API: cache

ShowProfileEditor

Type: REG_DWORD

Default: 0

Whether to enable the profile editor component

PromptCache

Registry path: HKCU|HKLM\Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Cred\Parameters\PromptCache

Cache of prompts (only per identity)

Name

Type: REG_SZ

Default:

Banner

Type: REG_SZ

Default:

PromptCount

Type: REG_DWORD

Default: 0

ExpiresOn

Type: REG_QWORD

Default: 0

FILETIME of when the prompt cache is set to expire

(n)

Registry path: HKCU|HKLM\Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Cred\Parameters\PromptCache\(n)

Parameters for each prompt

Prompt

Type: REG_SZ

Default:

Type

Type: REG_DWORD

Default: 0

Flags

Type: REG_DWORD

Default: 0

Realms

Registry path: HKCU|HKLM\Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Cred\Parameters\Realms

Realm specific configuration (same schema as per identity config)