Unixtime preauthentication

Darren Reed (Optimation) darrenr at optimation.com.au
Tue Nov 26 01:27:01 EST 2002

I've attached the patches I made as the file unixtimepreauth.patch.
The only comment I'd make against using it as is would be I
did not want to venture into the territory of assigning new
error codes to indicate different failure reasons and so went
in search of others that seemed reasonable analogues to what
checks were being made.

I don't know how concerned you are about this, with, for example,
malloc() failing in the existing verify_enc_timestamp() returning
success rather than failure.  ie. starve the KDC of memory and
preauth will always succeed.  Only thing is, I'm sure lots of other
things would have failed before you got that far (I hope!) because
it sounds bad when put like that.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: unixtimepreauth.patch
Type: application/octet-stream
Size: 3692 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20021126/813c8fcd/attachment.obj

More information about the krbdev mailing list