Tickets Longer Than Wanted?
John Hascall
john at iastate.edu
Wed Jan 9 15:36:19 EST 2008
> >>>>> "John" == John Hascall <john at iastate.edu> writes:
> >> Also, what release are you
> >> running? ... bug in krb5-1.3 ...
> >> If you are seeing this behavior with a recent release, we would
> >> appreciate hearing more details.
> John> 1.6.3
> The error you are seeing is not consistent with my inspection of the
> code. krb5int_populate_gic_opt() (called by
> krb5_get_in_tkt_with_keytab()) in krb5-1.4 and later explicitly check
> the value of creds->times.endtime and call
> krb5_get_init_creds_opt_set_tkt_life() if it is set, while krb5-1.3
> and earlier did not.
I could not make any sense of it from the my reading of the code either.
> We could attempt to reproduce your problem on recent code, and having
> a concise test case from you would be helpful.
My code is in the file mod_isuacl.c
in /afs/iastate.edu/project/vincent/experimental/john/linux/mod_isuacl/
which you should have access rights to, *however*, I switched to using
the krb5_get_init_creds_keytab() function instead, as that was described
here as the currently recommended way to do this (and that works fine).
Plus it being an Apache module, alas, makes debugging it extra special fun.
So, I'm not sure I'd bother.
Thanks anyway,
John
More information about the Kerberos
mailing list