524 problems with 1.3.4, and historical issues

Sam Hartman hartmans at MIT.EDU
Wed Jul 14 13:22:16 EDT 2004


>>>>> "Daniel" == Daniel Henninger <daniel at unity.ncsu.edu> writes:


    Daniel> So I attempted to define "SHORT_LIFETIME" in
    Daniel> lib/src/krb5/krb/v4lifetime.c, after looking at the code.
    Daniel> I thought I'd give it a whirl.  That kills the out of
    Daniel> bounds error message, but doesn't give me a full length
    Daniel> ticket: 07/14/04 10:11:39 07/14/04 21:46:39
    Daniel> zephyr.zephyr at EOS.NCSU.EDU




    Daniel> So my question here is, what are we doing different from
    Daniel> you all up in MIT?  Why are we running into these issues
    Daniel> and you are not?  

Well, I suspect it's probably because our default lifetime is 10 hours
for all tickets.

So, for the combination that gives you a time out of bounds error,
when do you get the error?  In particular, do you get it with kvno -4 or only with zwrite?

Are you getting tgts with krb524init or with kinit -4?
n
What versions of client, kdc and krb524d are you using?


    Daniel> Am I overlooking some sort of
    Daniel> configuration problem?  Do you all not use krb4 at all
    Daniel> anymore?  

I only wish we no longer used krb4.




More information about the Kerberos mailing list