[krbdev.mit.edu #8610] git commit

Greg Hudson via RT rt-comment at krbdev.mit.edu
Tue Aug 29 13:45:47 EDT 2017


Don't set ctime in KDC error replies

Setting the error ctime field to the client nonce assumes that the
client used its system time as the nonce, which is not recommended by
RFC 1510 and is prohibited by RFC 4120.  Omit the field instead, by
setting the structure field to 0.

https://github.com/krb5/krb5/commit/aff489766e8541bee59d0aa7b9cc7e62f5ca8232
Author: Greg Hudson <ghudson at mit.edu>
Commit: aff489766e8541bee59d0aa7b9cc7e62f5ca8232
Branch: master
 src/kdc/do_as_req.c  |    2 +-
 src/kdc/do_tgs_req.c |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)


