AS-REQ with till being the epoch
Weijun Wang
weijun.wang at oracle.com
Tue Aug 29 10:00:05 EDT 2017
More info:
The KRB-ERROR reply to TGS-REQ has a strange ctime: 1974-12-10 21:52:23 (UTC).
--Max
> On Aug 29, 2017, at 9:38 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>
> It looks like if I set the till field in AS-REQ to the epoch, the issued ticket will have a very big endtime (Ex: now it's 2106-02-07 06:28:15 (UTC)).
>
> Well, this is OK.
>
> But if I call kvno with this TGT in ccache, I see a "Ticket expired while getting credentials" error. Maybe somewhere in the KDC that very big endtime is mistakenly treated as a very small number?
>
> My KDC is compiled from the head of https://github.com/krb5/krb5.git/.
>
> Thanks
> Max
>
More information about the krbdev
mailing list