krb5/krb5-1.6.2-key_exp.patch

21 lines
933 B
Diff
Raw Normal View History

Sadique Puthen notes that the warning on the client side seems to be correspond
to the wrong attribute on the KDC. Do what RFC4120 says we should do. RT#5755.
--- krb5-1.6.2/src/kdc/do_as_req.c 2007-06-25 15:49:06.000000000 -0400
+++ krb5-1.6.2/src/kdc/do_as_req.c 2007-06-25 15:49:08.000000000 -0400
@@ -371,7 +371,14 @@ process_as_req(krb5_kdc_req *request, kr
goto errout;
}
reply_encpart.nonce = request->nonce;
- reply_encpart.key_exp = client.expiration;
+ if (client.expiration == 0) {
+ reply_encpart.key_exp = client.pw_expiration;
+ } else if (client.pw_expiration == 0) {
+ reply_encpart.key_exp = client.expiration;
+ } else {
+ reply_encpart.key_exp = client.pw_expiration < client.expiration ?;
+ client.pw_expiration : client.expiration;
+ }
reply_encpart.flags = enc_tkt_reply.flags;
reply_encpart.server = ticket_reply.server;