Set maximum Kerberos SSPI context token buffer sizeID: oval:org.secpod.oval:def:27422 | Date: (C)2015-10-08 (M)2023-07-04 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to set the value returned to applications which request the maximum size of the SSPI context token buffer size.
The size of the context token buffer determines the maximum size of SSPI context tokens an application expects and allocates. Depending upon authentication request processing and group memberships, the buffer might be smaller than the actual size of the SSPI context token.
If you enable this policy setting, the Kerberos client or server uses the configured value, or the locally allowed maximum value, whichever is smaller.
If you disable or do not configure this policy setting, the Kerberos client or server use the locally configured value or the default value.
Default:
All supported versions: 48,000 bytes
All other versions: 12,000 bytes.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\System\Kerberos!Set maximum Kerberos SSPI context token buffer size
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters!EnableMaxTokenSize
Platform: |
Microsoft Windows Server 2012 R2 |