Skip Menu |

Subject: git commit
Download (untitled) / with headers
text/plain 1.2KiB

Refactor KDC renewable ticket handling

Create a new helper to compute the renewable lifetime for AS and TGS
requests. This has some minor behavior differences:

* We only issue a renewable ticket if the renewable lifetime is greater
than the normal ticket lifetime.

* We give RENEWABLE precedence over RENEWABLE-OK in determining the
requested renewable lifetime, instead of sometimes doing the

* We use the client's maximum renewable life for TGS requests if we
have looked up its DB entry.

* Instead of rejecting requests for renewable tickets (if the client
or server principal doesn't allow it, or a TGS request's TGT isn't
renewable), issue non-renewable tickets.
Author: Greg Hudson <>
Commit: 4f551a7ec126c52ee1f8fea4c3954015b70987bd
Branch: master
src/kdc/do_as_req.c | 29 ++-------------------
src/kdc/do_tgs_req.c | 28 +++-----------------
src/kdc/kdc_util.c | 56 +++++++++++++++++++++++++++++++++++------
src/kdc/kdc_util.h | 5 +++
src/kdc/tgs_policy.c | 2 +-
src/tests/ | 68 ++++++++++++++++++++++++++++++++++++++++++++++---
6 files changed, 124 insertions(+), 64 deletions(-)