Skip Menu |
 

To: krb5-bugs@mit.edu
Subject: renewable_ok behavior broken
Date: Fri, 6 Jun 2003 14:31:05 -0400 (EDT)
From: hartmans@MIT.EDU (Sam Hartman)


If you have renewable and renewable_ok both set in kdc options and
request tickets with a longer lifetime than allowed by KDC policy but
provide a much longer rtime in the request, our KDC will ignore the
rtime and give you tickets renewable only as long as your lifetime
allowed.
Subject: Renewable liftetimes wrong on tickets requesting lifetime greater than KDC max
If I request a renewable ticket with a lifetime greater than the maximum
allowed by the KDC, such that the KDC truncates my lifetime, the renewal
lifetime of the ticket granted to me is incorrect.

Instead of getting my requested renewable lifetime (7 days), I got a
renewable lifetime equivalent to my original requested ticket liftime (1
day). Alexis believes the code that automatically turns non-renewable
tickets that are longer than the allowed max into renewable tickets is
interefering with tickets that are already renewable.

Setting kdc_default_options = 0 in [libdefaults] makes the problem go away.
From: hartmans@mit.edu
Subject: CVS Commit
Don't allow renewable_ok to be set if the renew liftime is greater
than the ticket lifetime.


To generate a diff of this commit:



cvs diff -r5.411 -r5.412 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.107 -r5.108 krb5/src/lib/krb5/krb/get_in_tkt.c
From: tlyu@mit.edu
Subject: CVS Commit
pullup from trunk


To generate a diff of this commit:



cvs diff -r5.378.2.19 -r5.378.2.20 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.101.2.6 -r5.101.2.7 krb5/src/lib/krb5/krb/get_in_tkt.c