Date: | Thu, 07 Feb 2013 21:46:20 -0500 |
From: | Richard Basch <basch@alum.mit.edu> |
Subject: | krb5-1.10.3 - Ticket lifetimes can be "negative" (this is a bad idea) |
To: | krb5-bugs@mit.edu |
It is possible to request tickets with a “negative” lifetime, e.g. “kinit -l -3600”.
It shouldn’t be possible to request tickets whose “start time” is greater than the “expiration time”. I suspect there be some issues on 32-bit OS’s with underflows.