[11460] in Kerberos-V5-bugs
[krbdev.mit.edu #6682] krb5_get_init_creds_password() is inconsistent
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Mar 17 16:40:24 2010
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Greg Hudson via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6682@krbdev.mit.edu>
Message-ID: <rt-6682-32608.8.46754912983087@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6682'":;"'AdminCc of krbdev.mit.edu Ticket #6682'":;@MIT.EDU
Date: Wed, 17 Mar 2010 16:40:22 -0400 (EDT)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Per the log message for r14936, this is intentional behavior:
---
Note that the intent is that the last-req type will only be included by
the KDC when the time until password expiration reaches some threshold
(e.g, one week), so this code will display the password expiration
anytime the last-req type is included.
---
(A classic case of "code documentation belongs in comments, not commit
logs.")
Now, I don't know if that statement reflects reality. Allowing the KDC
to control when expiration notification happens seems well and fine, but
RFC 4120 doesn't appear to say that last-req expiration times should be
used that way.
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
