[32445] in Kerberos


Re: bug?: erroneous start time for max renewable life check

daemon@ATHENA.MIT.EDU (Love Hörnquist Åstrand)
Wed Jun 9 13:02:42 2010

From: Love Hörnquist Åstrand <lha@kth.se>
In-Reply-To: <1276100136.2419.1102.camel@ray>
Date: Wed, 9 Jun 2010 10:02:36 -0700
Message-Id: <98A648E0-FE28-4DBC-A739-CB927CC746F9@kth.se>
To: Greg Hudson <ghudson@mit.edu>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>, Richard Johnson <rjohnson@ucar.edu>


On 9 Jun 2010, at 09:15, Greg Hudson wrote:

> I think the most practical fix for your problem is to make the Heimdal
> KDC more forgiving--it should not squash the validity end time of the
> ticket simply because it calculated a lower maximum renewable end time.
> If I were a Heimdal developer, I'd propose removing this line from
> krb5tgs.c:
>
>        et.endtime = min(et.endtime, *et.renew_till);

Just change the max renew time to be longer than the max lifetime on the principal?

Love


