jrische / rpms / krb5

Forked from rpms/krb5 2 years ago
Clone
Source Code
GIT

Files

aes_sha2 cms_error embargo f10 f11 f12 f13 f14 f15 f16 f16-s4u f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f35-rhbz2119704 f36 f36-rhbz2119704 f37 f37-rhbz2182135 f38-rhbz2181311 f38_next f38_tgs_dbl_free f39 f39_1.21.2 f7 f8 f9 klist_double_free lmdb_default main master-f15-1.9 master-f15-nss next rawhide rawhide-rhbz2181311 rawhide_1.21 rawhide_1.21.2 rawhide_fix_leaks rawhide_pac_privsvr_enctype rawhide_ssl_wrap_socket rhbz2166001 setuid tgs_dbl_free tmt
  1.   f10
  2.   krb5-1.6.2-key_exp.patch
Blob Blame History Raw 
Sadique Puthen notes that the warning on the client side seems to be correspond
to the wrong attribute on the KDC.  Do what RFC4120 says we should do.  RT#5755.
--- krb5-1.6.2/src/kdc/do_as_req.c	2007-06-25 15:49:06.000000000 -0400
+++ krb5-1.6.2/src/kdc/do_as_req.c	2007-06-25 15:49:08.000000000 -0400
@@ -371,7 +371,14 @@ process_as_req(krb5_kdc_req *request, kr
 	goto errout;
     }
     reply_encpart.nonce = request->nonce;
-    reply_encpart.key_exp = client.expiration;
+    if (client.expiration == 0) {
+       reply_encpart.key_exp = client.pw_expiration;
+    } else if (client.pw_expiration == 0) {
+       reply_encpart.key_exp = client.expiration;
+    } else {
+       reply_encpart.key_exp = client.pw_expiration < client.expiration ?
+                               client.pw_expiration : client.expiration;
+    }
     reply_encpart.flags = enc_tkt_reply.flags;
     reply_encpart.server = ticket_reply.server;
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.