Skip Menu |
 

Subject: [libdefaults] lifetimes should have a default unit
Lifetime values set in the libdefaults section should have a default unit.

We just started supporting the "ticket_lifetime" libdefault. Since it was
previously ignored, configuration files with the string
"ticket_lifetime = 600" and similar values with no units have propogated
to a large number of configuration files. People with these configuration
files will start getting EINVAL from krb5_get_init_creds() when they upgrade
to 1.4.

We have already had two reports of people running into this problem with
1.4-current (UMich and Apple). I can only assume that it will get worse.

We should either modify the code that reads the libdefault or
krb5_string_to_deltat().

I do not care if we default to seconds or minutes. Looking at the config
files containing this value, people seem to assume it will default to seconds.

Also, we should not return EINVAL from krb5_string_to_deltat in this situation.
How about a "Invalid lifetime" error? Then at least the user knows to look for
lifetime values.
Looking at google output for "ticket_lifetime" there seems to be an overwhelming assumption
that a unitless number is in seconds. In addition, Heimdal defaults to seconds.

As a result we should probably default to seconds, even though in an ideal world, minutes
makes more sense.
From: lxs@mit.edu
Subject: CVS Commit
krb5_string_to_deltat should default to seconds if no unit is provided. If the format is invalid, it should return a distinct error (KRB5_DELTAT_BADFORMAT, not EINVAL).


To generate a diff of this commit:



cvs diff -r5.452 -r5.453 krb5/src/lib/krb5/krb/ChangeLog
From: lxs@mit.edu
Subject: CVS Commit
krb5_string_to_deltat should default to seconds if no unit is provided. If the format is invalid, it should return a distinct error (KRB5_DELTAT_BADFORMAT, not EINVAL).


To generate a diff of this commit:



cvs diff -r5.98 -r5.99 krb5/src/lib/krb5/error_tables/ChangeLog
From: lxs@mit.edu
Subject: CVS Commit
krb5_string_to_deltat should default to seconds if no unit is provided. If the format is invalid, it should return a distinct error (KRB5_DELTAT_BADFORMAT, not EINVAL).


To generate a diff of this commit:



cvs diff -r5.5 -r5.6 krb5/src/lib/krb5/krb/deltat.c
From: lxs@mit.edu
Subject: CVS Commit
krb5_string_to_deltat should default to seconds if no unit is provided. If the format is invalid, it should return a distinct error (KRB5_DELTAT_BADFORMAT, not EINVAL).


To generate a diff of this commit:



cvs diff -r5.75 -r5.76 krb5/src/lib/krb5/error_tables/krb5_err.et
From: lxs@mit.edu
Subject: CVS Commit
krb5_string_to_deltat should default to seconds if no unit is provided. If the format is invalid, it should return a distinct error (KRB5_DELTAT_BADFORMAT, not EINVAL).


To generate a diff of this commit:



cvs diff -r5.5 -r5.6 krb5/src/lib/krb5/krb/x-deltat.y
From: tlyu@mit.edu
Subject: CVS Commit
* t_deltat.c (main): Unadorned integer no longer fails now that we
default to seconds.


To generate a diff of this commit:



cvs diff -r5.453 -r5.454 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.4 -r5.5 krb5/src/lib/krb5/krb/t_deltat.c