[1613] in Kerberos_V5_Development
Re: kadmin-created principals are expired, krb4 code thinks
daemon@ATHENA.MIT.EDU (Sam Hartman)
Mon Aug 19 14:08:23 1996
To: "Barry Jaspan" <bjaspan@MIT.EDU>
Cc: krbcore@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 19 Aug 1996 14:08:11 -0400
In-Reply-To: "Barry Jaspan"'s message of Mon, 19 Aug 1996 11:38:40 -0400
>>>>> "Barry" == "Barry Jaspan" <bjaspan@MIT.EDU> writes:
Barry> Apparently, kadmin creates principals with a 0
Barry> expiration time, which the krb4 code in the KDC doesn't
Barry> treat specially.
Barry> Yes, krb5 treats a zero expire time as "never expires," and
Barry> kadm5 definately does create principals this way.
Barry> There are two obvious possibilities: make kadm5 change the
Barry> way it creates principals, or modify the V4 compat kdc code
Barry> to understand a zero expire time. I'd suggest the latter.
I'll test the proposed fix. However, we should probably also change the code in get_principal to treat a 0 expire time as "never" instead of Jan 1 1970. While we're at it, there should be an easier way of saying a principal doesn't expire than entering Jan 1, 1970 directly by handicraftsman.
