Check timestamp in PKINIT kdcpreauth module RFC 4556 requires the KDC to check the PKAuthenticator timestamp in order to prevent replays after the five-minute clock skew window. (A replay attack has minimal value; it only causes the KDC to issue a ticket which an attacker cannot decrypt.) [ghudson@mit.edu: rewrote commit message; squashed with typo fix; style fixes] https://github.com/krb5/krb5/commit/54984d618e01027abe73e6772fe7049c79938518 Author: Thomas Calderon Committer: Greg Hudson Commit: 54984d618e01027abe73e6772fe7049c79938518 Branch: master src/plugins/preauth/pkinit/pkinit_srv.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-)