[16499] in Kerberos_V5_Development


Re: preserve original starttime on renewed TGTs

daemon@ATHENA.MIT.EDU (Jeffrey Altman)
Fri Nov 19 18:24:31 2010

Message-ID: <4CE70723.10203@secure-endpoints.com>
Date: Fri, 19 Nov 2010 18:24:19 -0500
From: Jeffrey Altman <jaltman@secure-endpoints.com>
To: Nicolas Williams <Nicolas.Williams@oracle.com>
In-Reply-To: <20101119220140.GR20162@oracle.com>
Cc: krbdev@mit.edu

On 11/19/2010 5:01 PM, Nicolas Williams wrote:
> On Fri, Nov 19, 2010 at 04:43:42PM -0500, Simo Sorce wrote:
>> On Fri, 19 Nov 2010 13:21:34 -0800
>> Frank Cusack <frank+krb@linetwo.net> wrote:
>>
>>> When running 'kinit -R', the KDC resets the starttime on the returned
>>> TGT to "now".  I'd like to modify my KDC to preserve the original
>>> starttime instead.  That could make a renewed TGT appear to have
>>> longer than the normal maximum configured lifetime, but it seems like
>>> a fairly trivial non-problem.  As opposed to a postdated ticket, this
>>> would now be a predated ticket.
>>
>> Hi Frank,
>> I am curious to understand why you want to do that.
>> What class of use cases does it solve?
>
> My guess: it helps deal with servers whose clocks are a little bit
> behind (but still within skew).

I'm going to put my money on KCA issued short-lived certificates.  The
certs are frequently issued with a period of validity from starttime to
max renew lifetime.

Jeffrey Altman
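As an added example (not code from this thread or from MIT krb5), a small model of the renewal arithmetic Frank describes: the standard KDC resets starttime to "now", the proposed variant preserves the original starttime, and renew-till caps the endtime either way. The time values and `max_life` are constructed, and the lifetime rule is this example's simplification of the RFC 4120 renewal semantics, not a description of any particular KDC.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Ticket:
    """Time fields of a TGT, in seconds since the epoch (constructed values)."""
    starttime: int   # when this instance of the ticket becomes valid
    endtime: int     # when this instance expires
    renew_till: int  # hard cap: no renewal may extend endtime past this


def renew(tgt: Ticket, now: int, max_life: int, preserve_starttime: bool) -> Ticket:
    """Model the ticket a KDC returns for 'kinit -R' at time `now`.

    The renewed instance lives for the old instance's lifetime, capped at the
    KDC's configured max_life (an assumption of this model), and never past
    renew-till. `preserve_starttime` selects the behaviour proposed in the thread.
    """
    if not (tgt.starttime <= now < tgt.endtime):
        raise ValueError("ticket is not currently valid, so it cannot be renewed")
    if now >= tgt.renew_till:
        raise ValueError("renew-till reached, ticket can no longer be renewed")
    lifetime = min(tgt.endtime - tgt.starttime, max_life)
    new_end = min(now + lifetime, tgt.renew_till)
    # Standard behaviour: starttime becomes "now". Proposed variant: keep the
    # original starttime, which makes the ticket predated relative to new_end.
    new_start = tgt.starttime if preserve_starttime else now
    return replace(tgt, starttime=new_start, endtime=new_end)


def apparent_lifetime(t: Ticket) -> int:
    """Lifetime as a client tool would display it (endtime minus starttime)."""
    return t.endtime - t.starttime


if __name__ == "__main__":
    tgt = Ticket(starttime=1000, endtime=37000, renew_till=605800)  # 10h life, 7d renew
    for keep in (False, True):
        r = renew(tgt, now=31000, max_life=36000, preserve_starttime=keep)
        print(f"preserve={keep}: start={r.starttime} end={r.endtime} "
              f"apparent lifetime={apparent_lifetime(r)}s (max_life=36000)")
```

With the original starttime preserved, the apparent lifetime grows on every renewal even though each instance still expires no later than renew-till.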

_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
