User\CIM_KerberosTicket.mof.mof (HTML version)

Return to index
CIM_KerberosTicket Superclass: CIM_Credential
A CIM_KerberosTicket represents a credential issued by a particular Kerberos Key Distribution Center (KDC) to establish an identity, as the result of a successful authentication process. There are two types of tickets that a KDC may issue - a TicketGranting ticket, which is used to protect and authenticate communications between an entity and the KDC, and a Session ticket, which the KDC issues to two entities to allow them to communicate with each other.
Qualifiers:Version ( "2.8.0" )
Parameters (local in grey)
ValueMap { "0" , "1" }
Values { "Session" , "TicketGranting" }
uint16 TicketType ;
The Type of CIM_KerberosTicket is used to indicate whether the ticket in question was issued by the Kerberos Key Distribution Center (KDC) to support ongoing communication between the Users Access and the KDC ('TicketGranting'), or was issued by the KDC to support ongoing communication between two Users Access entities ('Session').
MaxLen ( 256 )
Propagated ( "CIM_KerberosKeyDistributionCenter.Name" )
Key
string ServiceName ;
The scoping Service's Name. The Kerberos KDC Realm of CIM_KerberosTicket is used to record the security authority, or Realm, name so that tickets issued by different Realms can be separately managed and enumerated.
MaxLen ( 256 )
Propagated ( "CIM_KerberosKeyDistributionCenter.SystemCreationClassName" )
Key
string SystemCreationClassName ;
The scoping System's CCN.
MaxLen ( 256 )
Key
string RemoteID ;
RemoteID is the name by which the user is known at the KDC security service.
MaxLen ( 256 )
Propagated ( "CIM_KerberosKeyDistributionCenter.CreationClassName" )
Key
string ServiceCreationClassName ;
The scoping Service's CCN.
MaxLen ( 256 )
Propagated ( "CIM_KerberosKeyDistributionCenter.SystemName" )
Key
string SystemName ;
The scoping System's Name.
MaxLen ( 256 )
Key
string AccessesService ;
The name of the service for which this ticket is used.
datetime Issued ;
The date and time when the credential was issued. Use a value of all '00000101000000.000000+000', (midnight, January 1, 1 BCE at coordinated universal time +0 minutes), if this information is not applicable. On CreateInstance, if this property is unspecified, or set to NULL, then current time is assumed.
datetime Expires ;
The date and time when the credential expires (and is not appropriate for use for authentication/ authorization). If this information is not applicable, Use a value of '99991231235959.999999+999', (1 microsecond before midnight, December 31, 9999 CE, at coordinated universal time + 999 minutes).
On CreateInstance, if this property is unspecified, or set to NULL, then a value of '99991231235959.999999+999' is assumed. Note that this property does not define how the expiration is set - but that there IS an expiration. The property may be set to either a specific date/time or an interval (calculated from the Issued datetime). For example, for Certificate Authority-signed public key, the expiration is determined by the CA. Another example is a voice mail password that expires 60 days after it is set/issued.
string ElementName ;
A user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information.
Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties.
MaxLen ( 64 )
string Caption ;
The Caption property is a short textual description (one- line string) of the object.
string Description ;
The Description property provides a textual description of the object.