krb5_get_in_tkt_with_keytab no longer honors creds.endtime?
John Hascall
john at iastate.edu
Mon Apr 5 13:08:45 EDT 2004
Somewhere between 1.2.6 and krb5-1.3.2-beta3
krb5_get_in_tkt_with_keytab() seems to have
changed so that setting creds.endtime (as
documented) has no effect of the life of
the credentials acquired.
Is this a new "feature"?
(it is quite annoying)
It seems to me like, after krb5_get_in_tkt_with_keytab() calls
krb5int_populate_gic_opt() it ought to do something like this:
if (creds->endtime) {
krb5_int32 starttime;
krb5_timeofday(context, &starttime);
if (creds->starttime) starttime = creds->starttime;
krb5_get_init_creds_opt_set_tkt_life(&opt, creds->endtime - starttime);
}
Thanks,
John
More information about the krbdev
mailing list