krb5-kdc/1137: conflicting defaults for some kdc.conf tags
jenselby@MIT.EDU
jenselby at MIT.EDU
Sun Jul 14 20:27:18 EDT 2002
>Number: 1137
>Category: krb5-kdc
>Synopsis: conflicting defaults for some kdc.conf tags
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sun Jul 14 20:28:01 EDT 2002
>Last-Modified:
>Originator: Jen Selby
>Organization:
MIT
>Release: krb5-1.2.5
>Environment:
>Description:
in lib/kadm5/alt_prof.c, there are two functions for reading
kdc.conf, krb5_read_realm_params and kadm5_get_config_params.
krb5_read_realm_params is called from kdc/main.c, which uses
a default of one day for the max_life tag, one week for the
max-renewable_life tag, and Jan 1 2038 for the
default_principal_expiration tag. The other function is
called from many places and has its own hard-coded defaults,
which are 10 hours, 0, and 0 respectively.
>How-To-Repeat:
>Fix:
Figure out which defaults are best, and change the hardcoded
defaults to those. Change the two functions so that one of them
calls the other, or get rid of krb5_read_realm_params (making
sure that kadm5_get_config_params has all needed functionality)
and change the call in kdc/main.c.
>Audit-Trail:
>Unformatted:
More information about the krb5-bugs
mailing list