krb5/krb5-1.11.3-skew3.patch

commit 3b1b31a57cd932eda928932e67f5f2857929f429
Author: Greg Hudson <ghudson@mit.edu>
Date:   Sun Jun 2 15:36:40 2013 -0400

    Fix spurious clock skew caused by preauth delay
    
    Commit 37b0e55e21926c7875b7176e24e13005920915a6 (#7063) prevented
    clock skew caused by preauth delay by recording the time of the
    initial request.  However, it failed to take into account delay
    between requests due to prompting during preauthentication.  Fix this
    by recording the request time for each request.
    
    ticket: 7656 (new)

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index ff455d3..0dd497e 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -1256,6 +1256,9 @@ init_creds_step_request(krb5_context context,
         }
     }
 
+    /* Remember when we sent this request (after any preauth delay). */
+    ctx->request_time = time(NULL);
+
     if (ctx->encoded_previous_request != NULL) {
         krb5_free_data(context, ctx->encoded_previous_request);
         ctx->encoded_previous_request = NULL;