[895] in Kerberos-V5-bugs
Re: v4 compatibility kdc doesn't deal properly with long lifetimes
daemon@ATHENA.MIT.EDU (John Gardiner Myers)
Sat Oct 22 11:42:44 1994
Date: Sat, 22 Oct 1994 11:40:19 -0400 (EDT)
From: John Gardiner Myers <jgm+@CMU.EDU>
To: krb5-bugs@MIT.EDU
In-Reply-To: <9410220052.AA12854@oliver.MIT.EDU>
Long lifetimes are supported by Transarc's v4 server, which is
deployed quite some number of places other than CMU. I believe they
have also been incorporated into UMich's AuthMan.
The "extended lifetime" table is said to have been "agreed upon at the
meeting at Apollo in Boston in November 88". It's not just a CMUism.
MIT kerberos v4 never issued lifetime values greater than 127, above
that there were numerous sign extension bugs. If krb5's is going to
issue v4 lifetime values above 127 which don't conform to this table,
there are going to be severe interoperability problems
When I submitted patches to implement long lifetimes in the MIT v4
implementation, I was told that MIT was not making any more v4
releases. MIT later proceeded to issue another v4 release that didn't
incorporate the code, I wasn't particularly pleased about that.
--
_.John G. Myers Internet: jgm+@CMU.EDU
LoseNet: ...!seismo!ihnp4!wiscvm.wisc.edu!give!up
