[krbdev.mit.edu #2919] Default ticket lifetime changed with 1.4
The RT System itself via RT
rt-comment at krbdev.mit.edu
Thu Feb 10 13:13:14 EST 2005
>From krb5-bugs-incoming-bounces at PCH.mit.edu Thu Feb 10 13:13:09 2005
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.9.3p2) with ESMTP
id NAA16806; Thu, 10 Feb 2005 13:13:09 -0500 (EST)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j1AICdh7024947
for <krb5-send-pr at krbdev.mit.edu>; Thu, 10 Feb 2005 13:12:39 -0500
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
[18.7.7.76])
by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j1AEcQh7012472
for <krb5-bugs-incoming at PCH.mit.edu>; Thu, 10 Feb 2005 09:38:26 -0500
Received: from email.nyfix.com (email.nyfix.com [63.162.209.25])
j1AEcGQ2007571
for <krb5-bugs at mit.edu>; Thu, 10 Feb 2005 09:38:18 -0500 (EST)
Received: from email2.nyfix.com [172.26.38.26]
by email.nyfix.com
with XWall v3.31 ;
Thu, 10 Feb 2005 09:38:15 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Date: Thu, 10 Feb 2005 09:38:15 -0500
Message-ID: <1F5F3B6A527E514F8C6FA47F94FEEBB70E6C19DF at stmail1.nyfix.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Bug in time implementation of Kerberos 1.4
Thread-Index: AcUPfiDQr3D/0KhwQh+1Rt62Gv/Fnw==
From: "Joshua Fritsch" <joshua.fritsch at nyfix.com>
To: <krb5-bugs at mit.edu>
X-Spam-Score: -4.9
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by pch.mit.edu id
j1AEcQh7012472
X-Mailman-Approved-At: Thu, 10 Feb 2005 13:12:38 -0500
cc: Security <security at nyfix.com>
Subject: Bug in time implementation of Kerberos 1.4
X-BeenThere: krb5-bugs-incoming at mailman.mit.edu
X-Mailman-Version: 2.1
Precedence: list
Sender: krb5-bugs-incoming-bounces at PCH.mit.edu
Errors-To: krb5-bugs-incoming-bounces at PCH.mit.edu
Hello,
The krb5-send-pr program seg faulted on me and I don't have time to
debug it at the moment, so here's the saved output. In short, something
changed with how the time value is processed as of version 1.4.
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Joshua Fritsch
Principal Security Analyst
NYFIX, Inc.
(814) 235-5395
joshua at nyfix.com
###############################
To: krb5-bugs at mit.edu
Subject: Time format change in 1.4?
From: joshua.fritsch at nyfix.com
Reply-To: security at nyfix.com
Cc: security at nyfix.com
X-send-pr-version: 3.99
>Submitter-Id: net
>Originator: Joshua Fritsch
>Organization: NYFIX, Inc.
>Confidential: no
>Synopsis: Default ticket lifetime changed with 1.4
>Severity: non-critical
>Priority: medium
>Category: bug
>Class: sw-bug
>Release: 1.4
>Environment:
System: SunOS aragorn 5.9 Generic_112233-11 sun4u sparc
SUNW,Sun-Blade-100
Architecture: sun4
>Description:
The setting in /etc/krb5.conf of "600" for the default ticket lifetime
now defaults to 10 minutes instead of 10 hours!
>How-To-Repeat:
Upgrade to 1.4 and leave "600" as the ticket_lifetime value in krb5.conf
>Fix:
Bump up the ticket_lifetime value. I just added a zero (6000) which gave
me
12 hour tickets.
More information about the krb5-bugs
mailing list