[Heimdal-source-changes] [heimdal/heimdal] 2acf60: Fix never valid error condition in KDC
GitHub
noreply at github.com
Ons Nov 27 02:51:14 CET 2013
Branch: refs/heads/heimdal-1-5-branch
Home: https://github.com/heimdal/heimdal
Commit: 2acf60e58f4450380eeacfdfa6d3f7341e4394b0
https://github.com/heimdal/heimdal/commit/2acf60e58f4450380eeacfdfa6d3f7341e4394b0
Author: Nicolas Williams <nico at cryptonector.com>
Date: 2013-11-26 (Tue, 26 Nov 2013)
Changed paths:
M kdc/krb5tgs.c
Log Message:
-----------
Fix never valid error condition in KDC
The TGS was incorrectly using authtime to compute renew_till for new
tickets, which was in turn leading to endtime potentially being equal to
starttime, which caused the TGS to return KRB5KDC_ERR_NEVER_VALID.
This happens when the TGT renewal lifetime is longer than the max renew
lifetime of any other services, after that much time (target services'
max renew life) passes. The TGT is still good but TGS-REQs fail.
More information about the Heimdal-source-changes
mailing list