[2188] in Kerberos-V5-bugs
Re: Bug in lifetime handling in krb524d
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Tue Aug 27 18:59:43 1996
Date: Tue, 27 Aug 1996 18:59:31 -0400
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: krb5-bugs@MIT.EDU
In-Reply-To: "[2186] in Kerberos-V5-bugs"
Date: Mon, 26 Aug 1996 18:54:08 -0400
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
I noticed today that krb524d has a problem when calculating ticket
lifetime. It uses the current time and subtracts the expiration time
to get the V4 ticket lifetime, instead of the start time. This is
fine if you get your V4 tickets right when you get your V5 tickets,
but it doesn't work if you get your V4 tickets later than your start
time.
This isn't a bug. The idea is that if your V5 tickets only have 3 hours
left, the V4 tickets that you get should also only have 3 hours left on
them. This is similar to what happens if you get a application ticket
from your ticket-granting ticket. All of your tickets expire at the
same time, and all of your tickets are bounded by the expiration time of
your ticket-granting ticket.
- Ted
