Does Active Directory's Kerberos implementation support per-user ticket lifetime settings?

active-directory kerberos

Solution 1:

Per my reading of it, no. It's like Password Policy - it's defined at the domain level.

http://technet.microsoft.com/en-us/library/cc757692(v=ws.10).aspx#w2k3tr_sepol_accou_set_hpjo

The policy settings under Account Policies are implemented at the domain level.

Fine-grained password policies can't be used for this, because they don't include Kerberos settings.

http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx

A PSO has attributes for all the settings that can be defined in the Default Domain Policy (except Kerberos settings).

Sorry to say, it appears you're out of luck.

Related

Apache mod_proxy: Multiple virtual hosts disable each other
Securing the primary Ansible user
PHP FPM keeps hanging
GroupOfNames without members
Publicly routable IPv6 linux container
Child Domain Logons to Cross Forest Trust Domains
HBASE Space Used Started Climbing Rapidly
configuring command prompt in Asterisk CLI
How to the set the hostname in an AWS ec2 instance to a unique value in an autoscale group?
Multi-datacenter Ansible load balancer template
nginx: No client certificate CA names sent
Monit use alert along with exec