krb5_get_in_tkt_with_keytab no longer honors creds.endtime?

John Hascall john at
Mon Apr 5 13:08:45 EDT 2004

Somewhere between 1.2.6 and krb5-1.3.2-beta3
krb5_get_in_tkt_with_keytab() seems to have
changed so that setting creds.endtime (as
documented) has no effect of the life of
the credentials acquired.

Is this a new "feature"?
(it is quite annoying)

It seems to me like, after krb5_get_in_tkt_with_keytab() calls
krb5int_populate_gic_opt() it ought to do something like this:

if (creds->endtime) {
   krb5_int32 starttime;
   krb5_timeofday(context, &starttime);
   if (creds->starttime) starttime = creds->starttime;
   krb5_get_init_creds_opt_set_tkt_life(&opt, creds->endtime - starttime);


More information about the krbdev mailing list