[1336] in Kerberos_V5_Development
Re: V4 vs. V5 principal expiration
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Wed Jun 19 21:41:51 1996
Date: Wed, 19 Jun 1996 21:41:35 -0400
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: "Barry Jaspan" <bjaspan@MIT.EDU>
Cc: krbdev@MIT.EDU
In-Reply-To: Barry Jaspan's message of Tue, 18 Jun 96 12:06:11 -0400,
<9606181606.AA21775@beeblebrox.MIT.EDU>
Date: Tue, 18 Jun 96 12:06:11 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
Looking at the code, kerberos_v4.c clearly does not have an exception
for an expiration time of zero meaning "never":
if ((u_long) p->exp_date < (u_long) kerb_time.tv_sec) {
/* service did expire, log it */
...
}
I'd propose we fix this problem by changing the behavior of
kerberos_v4.c so that expiration time of zero does mean "never".
- Ted
