[3370] in Kerberos-V5-bugs
krb5-kdc/1137: conflicting defaults for some kdc.conf tags
daemon@ATHENA.MIT.EDU (jenselby@mit.edu)
Sun Jul 14 20:29:13 2002
Resent-From: gnats@rt-11.mit.edu (GNATS Management)
Resent-To: krb5-unassigned@rt-11.mit.edu
Resent-Reply-To: krb5-bugs@mit.edu, jenselby@mit.edu
Message-Id: <200207150027.UAA08797@quiche-lorraine.mit.edu>
From: jenselby@mit.edu
Reply-To: jenselby@mit.edu
To: krb5-bugs@mit.edu
Errors-To: krb5-bugs-admin@mit.edu
Date: Sun, 14 Jul 2002 20:27:18 -0400
>Number: 1137
>Category: krb5-kdc
>Synopsis: conflicting defaults for some kdc.conf tags
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sun Jul 14 20:28:01 EDT 2002
>Last-Modified:
>Originator: Jen Selby
>Organization:
MIT
>Release: krb5-1.2.5
>Environment:
>Description:
in lib/kadm5/alt_prof.c, there are two functions for reading
kdc.conf, krb5_read_realm_params and kadm5_get_config_params.
krb5_read_realm_params is called from kdc/main.c, which uses
a default of one day for the max_life tag, one week for the
max-renewable_life tag, and Jan 1 2038 for the
default_principal_expiration tag. The other function is
called from many places and has its own hard-coded defaults,
which are 10 hours, 0, and 0 respectively.
>How-To-Repeat:
>Fix:
Figure out which defaults are best, and change the hardcoded
defaults to those. Change the two functions so that one of them
calls the other, or get rid of krb5_read_realm_params (making
sure that kadm5_get_config_params has all needed functionality)
and change the call in kdc/main.c.
>Audit-Trail:
>Unformatted:
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs
