[17345] in Kerberos_V5_Development

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Make krb5int_check_clockskew() public?

daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Oct 31 12:46:52 2011

Message-ID: <4EAED0D9.7080707@mit.edu>
Date: Mon, 31 Oct 2011 12:46:17 -0400
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: Linus Nordberg <linus@nordu.net>
In-Reply-To: <ysz7h3ohj3c.fsf@nordberg.se>
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

On 10/28/2011 06:00 PM, Linus Nordberg wrote:
> I'd like krb5int_check_clockskew() to be made public in order to not
> have to peek into the krb5_context for clockskew.

Done on trunk and marked for pullup to 1.10.

> If y'all think usec is important enough, I'd like to see a variant of
> krb5int_check_clockskew() taking usec into account as well.

This seems unnecessary, since clock skew is typically on the order of
300 seconds and no existing checks (rd_req, rd_safe, rd_priv, rd_cred,
encrypted timestamp, encrypted challenge) are taking microseconds into
account.
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

home	help	back	first	fref	pref	prev	next	nref	lref	last	post