[1481] in Kerberos_V5_Development
Re: kadmin.exp or kadmin is confused
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Fri Aug 2 11:43:43 1996
Date: Fri, 2 Aug 1996 11:43:38 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: hartmans@MIT.EDU
Cc: krbcore@MIT.EDU
In-Reply-To: <199608020617.CAA16133@tertius.mit.edu> (message from Sam Hartman on Fri, 2 Aug 1996 02:17:30 -0400)
Tom says:
The following produces a principal with apparently negative
maximum lifetime.
if {![kadmin_add testuser longtestpw] \
|| ![kinit testuser longtestpw 0] \
|| ![kdestroy] \
|| ![kadmin_modify testuser "-maxlife 2500"] \
|| ![kinit testuser longtestpw 0] \
|| ![kdestroy] \
|| ![kadmin_delete testuser]} {
I have already reported this behavior as a bug, but then I forgot
about it (we really need gnats or some other bug tracking system).
Enclosed below is my bug report, and Mark's response with a possible
solution.
Barry
----------------------------------------------------------------------
[1142] daemon@ATHENA.MIT.EDU (Barry Jaspan) Kerberos_V5_Development 05/08/96 15:01 (55 lines)
Subject: getdate.y loses on integers
Date: Wed, 8 May 96 15:00:50 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: krbdev@MIT.EDU
secure_admin_cli (to be kadmin) uses a public-domain program called
getdate (a yacc script) to parse English dates into timestamps. If
you give it just an integer, it parses it as hh:mm:ss with the hh:mm
part missing, which ends up being interpreted as "that many seconds
from the start of *today*" which of course is a negative number. For
example,
secure_admin_cli.local: modpol -maxlife 0 default
secure_admin_cli.local: getpol default
Policy: default
Maximum password life: -57425
Minimum password life: 0
Minimum password length: 1
Minimum number of password character classes: 1
Number of old keys kept: 1
Reference count: 0
% date
Wed May 8 14:57:15 EDT 1996
Notice that 57425 is approximately the number of seconds since
midnight.
If getdate is given a relative specifier, everything works fine:
secure_admin_cli.local: modpol -maxlife "0 seconds" default
secure_admin_cli.local: getpol default
Policy: default
Maximum password life: 0
Minimum password life: 0
Minimum password length: 1
Minimum number of password character classes: 1
Number of old keys kept: 1
Reference count: 0
secure_admin_cli.local: modpol -maxlife "2 months" default
secure_admin_cli.local: getpol default
Policy: default
Maximum password life: 5270400
Minimum password life: 0
Minimum password length: 1
Minimum number of password character classes: 1
Number of old keys kept: 1
Reference count: 0
However, a number of users will probably realize that the values are
being interpreted as seconds, and to save typing will enter a value as
an integer, and get totally unexpected results. We should fix this.
Barry
--[1142]--
----------------------------------------------------------------------
[1149] daemon@ATHENA.MIT.EDU (Mark Eichin) Kerberos_V5_Development 05/10/96 02:50 (8 lines)
Subject: Re: getdate.y loses on integers
To: "Barry Jaspan" <bjaspan@MIT.EDU>
Cc: krbdev@MIT.EDU
From: Mark Eichin <eichin@MIT.EDU>
Date: 10 May 1996 02:49:48 -0400
In-Reply-To: "Barry Jaspan"'s message of Wed, 8 May 96 15:00:50 -0400
Why not just use krb5_string_to_deltat, and tell people if they want
seconds, to throw an 's' on the end?
--[1149]--
