[prev in list] [next in list] [prev in thread] [next in thread]
List: krb5-bugs
Subject: [krbdev.mit.edu #7610] git commit
From: "Tom Yu via RT" <rt-comment () krbdev ! mit ! edu>
Date: 2013-04-22 22:41:54
Message-ID: rt-7610-38432.9.62875638699437 () krbdev ! mit ! edu
[Download RAW message or body]
Fix spurious clock skew caused by gak_fct delay
In get_in_tkt.c, a time offset is computed between the KDC's auth_time
and the current system time after the reply is decrypted. Time may
have elapsed between these events because of a gak_fct invocation
which blocks on user input. The resulting spurious time offset can
cause subsequent TGS-REQs to fail and can also cause the end time of
the next AS request to be in the past (issue #889) in cases where the
old ccache is opened to find the default principal.
Use the system time, without offset, for the request time of an AS
request, for more predictable kinit behavior. Use this request time,
rather than the current time, when computing the clock skew after the
reply is decrypted.
(cherry picked from commit 37b0e55e21926c7875b7176e24e13005920915a6)
https://github.com/krb5/krb5/commit/9ae208f189a68fd84d69842b6ec631149ea956bb
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 9ae208f189a68fd84d69842b6ec631149ea956bb
Branch: krb5-1.9
src/lib/krb5/krb/get_in_tkt.c | 9 ++++-----
1 files changed, 4 insertions(+), 5 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic