[krbdev.mit.edu #8609] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Thu Aug 31 00:28:55 EDT 2017
Issue trivially renewable tickets
If the client specifically asks for renewable tickets but the
renewable end time (either requested or after restrictions) doesn't
exceed the ticket end time, issue a renewable ticket anyway. Issuing
a non-renewable ticket (as we started doing in release 1.12, due to
the refactoring in commit 4f551a7ec126c52ee1f8fea4c3954015b70987bd)
can be unfriendly to scripts.
Also make sure never to issue a ticket with the renewable flag set but
no renew-till field, by clearing the renewable flag at the start of
kdc_get_ticket_renewtime(). The flag could have been previously set
by the assignment "enc_tkt_reply = *(header_ticket->enc_part2)" in
process_tgs_req() when processing a renewal request.
Modify t_renew.py to expect renewable tickets in some tests where it
previously did not, to check for specific lifetimes, and to check the
renewable flag as well as the renewable lifetime.
https://github.com/krb5/krb5/commit/45c19b19ea4d47ac5969a9cbdb308201b16615d8
Author: Greg Hudson <ghudson at mit.edu>
Commit: 45c19b19ea4d47ac5969a9cbdb308201b16615d8
Branch: master
src/kdc/kdc_util.c | 15 ++++++----
src/tests/t_renew.py | 71 +++++++++++++++++++++++++++++++++++---------------
2 files changed, 59 insertions(+), 27 deletions(-)
More information about the krb5-bugs
mailing list