| |
|
Thu Aug 5 17:47:39 2004 |
lxs - Ticket created
|
|
|
| |
|
Subject: krb5_get_init_creds() allows renew_until time < expiration time
krb5_get_init_creds() should not allow ticket requests where the renew_until time is
less
than the ticket expiration time. This can easily happen if the user has a default
renew_lifetime in libdefaults.
For example, if the user's renew_lifetime is set to 7 days in libdefaults and then
the user runs
"kinit -l 10d", then krb5_get_init_creds() will end up with a renew_until time less
than the
ticket expiration time without explicitly doing anything stupid.
I believe a correct way to fix this is to add a check so that if this case happens,
krb5_get_init_creds() sets the renew_until time to the larger lifetime. Ie:
if (request.rtime < request.till) {
request.rtime = request.till;
}
|
Download (untitled) 727b
|
| |
|
Thu Aug 12 15:07:13 2004 |
lxs - Ticket 2655 RefersTo ticket 2654.
|
|
|
| |
|
Thu Aug 12 15:07:14 2004 |
lxs - Ticket 2655 RefersTo ticket 2656.
|
|
|
| |
|
Thu Aug 12 15:10:51 2004 |
lxs - Status changed from open to resolved
|
|
|
| |
|
Thu Aug 12 15:10:51 2004 |
lxs - Correspondence added
|
|
|
| |
|
From: lxs@mit.edu
Subject: CVS Commit
get_in_tkt.c (get_init_creds): Support ticket_lifetime libdefault. Made aware of 32
bit min and max for times. Allow renew_until time < expiration time.
To generate a diff of this commit:
cvs diff -r5.447 -r5.448 krb5/src/lib/krb5/krb/ChangeLog
|
Download (untitled) 251b
|
| |
|
Thu Aug 12 15:10:59 2004 |
lxs - Correspondence added
|
|
|
| |
|
From: lxs@mit.edu
Subject: CVS Commit
get_in_tkt.c (get_init_creds): Support ticket_lifetime libdefault. Made aware of 32
bit min and max for times. Allow renew_until time < expiration time.
To generate a diff of this commit:
cvs diff -r5.110 -r5.111 krb5/src/lib/krb5/krb/get_in_tkt.c
|
Download (untitled) 254b
|
| |
|
Mon Nov 15 22:22:16 2004 |
tlyu - Version_Fixed 1.4 added
|
|
|
