Date: Wed, 14 Feb 2007 13:03:59 -0700
From: Shawn M Emery
Subject: acct exp only sent in AS-REP
To: krb5-bugs@mit.edu
Message-Id: <45D36B2F.7010007@sun.com>

Currently the KDC will only populate the key expiration field in the AS-REP with the account expiration information. It should provide either account exp or pw exp, whichever expires first. These are diffs of the fix based on the 1.6 release:

kdc/do_as_req.c: @@ -70,11 +70,11 @@ #ifdef KRBCONF_KDC_MODIFIES_KDB krb5_boolean update_client = 0; #endif /* KRBCONF_KDC_MODIFIES_KDB */ krb5_data e_data; register int i; - krb5_timestamp until, rtime; + krb5_timestamp until, rtime, etime = 0; char *cname = 0, *sname = 0; const char *fromstring = 0; char ktypestr[128]; char rep_etypestr[128]; char fromstringbuf[70]; @@ -369,11 +369,18 @@ if ((errcode = fetch_last_req_info(&client, &reply_encpart.last_req))) { status = "FETCH_LAST_REQ"; goto errout; } reply_encpart.nonce = request->nonce; - reply_encpart.key_exp = client.expiration; + + /* Take the minimum of expiration or pw_expiration if not zero. */ + if (client.expiration != 0 && client.pw_expiration != 0) + etime = min(client.expiration, client.pw_expiration); + else + etime = client.expiration ? client.expiration : client.pw_expiration; + + reply_encpart.key_exp = etime; reply_encpart.flags = enc_tkt_reply.flags; reply_encpart.server = ticket_reply.server; /* copy the time fields EXCEPT for authtime; it's location is used for ktime */

Shawn.
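Review bot: In the first hunk (@@ -70,11), the `= 0` initializer on `etime` is never observed, because the second hunk assigns `etime` on both branches of its if/else before the only read. Either drop the initializer or keep it and reduce the later code to the single `if` that overrides it. Since `etime` is used once, assigning `reply_encpart.key_exp` directly in each branch would also avoid adding a function-scope variable next to `until` and `rtime`.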
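Review bot: In the second hunk (@@ -369,11), the comment "Take the minimum of expiration or pw_expiration if not zero" does not document the fall-through cases handled by the `else` branch: when exactly one field is zero the other is used, and when both are zero `key_exp` is sent as 0. Please spell that out in the comment, including that 0 is treated here as "no expiration" rather than as a timestamp, since that is the assumption the `!= 0` tests rely on. The hunk also depends on a `min` macro that is not defined in the visible lines; confirm it is in scope in kdc/do_as_req.c. A regression test covering the four combinations (both set, only `expiration`, only `pw_expiration`, neither) would pin the intended behaviour.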