[krbdev.mit.edu #7114] SVN Commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Tue Apr 17 00:07:36 EDT 2012
Allow preauth mechs to work with clock skew
Add a clpreauth callback which gets the time of day using an offset
determined by the preauth-required error, and use it in encrypted
timestamp and encrypted challenge. This timestamp is not necessarily
authenticated, but the security consequences for those preauth mechs
are minor (and can be mitigated by turning off kdc_timesync on
clients).
Based on a patch from Stef Walter.
http://src.mit.edu/fisheye/changelog/krb5/?cs=25808
Commit By: ghudson
Revision: 25808
Changed Files:
U trunk/src/include/k5-int.h
U trunk/src/include/krb5/preauth_plugin.h
U trunk/src/lib/krb5/krb/get_in_tkt.c
U trunk/src/lib/krb5/krb/preauth2.c
U trunk/src/lib/krb5/krb/preauth_ec.c
U trunk/src/lib/krb5/krb/preauth_encts.c
U trunk/src/lib/krb5/os/ustime.c
U trunk/src/tests/t_skew.py
More information about the krb5-bugs
mailing list