[1610] in Kerberos_V5_Development
Re: kadmin-created principals are expired, krb4 code thinks
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Mon Aug 19 11:38:46 1996
Date: Mon, 19 Aug 1996 11:38:40 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: hartmans@MIT.EDU
Cc: krbcore@MIT.EDU
In-Reply-To: <199608190343.XAA12375@tertius.mit.edu> (message from Sam Hartman
on Sun, 18 Aug 1996 23:43:23 -0400)
Apparently, kadmin creates principals with a 0 expiration
time, which the krb4 code in the KDC doesn't treat specially.
Yes, krb5 treats a zero expire time as "never expires," and kadm5
definately does create principals this way.
There are two obvious possibilities: make kadm5 change the way it
creates principals, or modify the V4 compat kdc code to understand a
zero expire time. I'd suggest the latter. Perhaps it would be as
easy as changing the first line of
/* make sure the service hasn't expired */
if ((u_long) p->exp_date < (u_long) kerb_time.tv_sec) {
/* service did expire, log it */
lt = klog(L_ERR_SEXP,
"EXPIRED \"%s\" \"%s\" %s", p->name, p->instance,
krb4_stime(&(p->exp_date)), 0);
return KERB_ERR_NAME_EXP;
}
Barry
