Renewable tickets
Russell King
rmk at arm.linux.org.uk
Mon Feb 2 13:24:03 EST 2004
On Mon, Feb 02, 2004 at 12:42:01PM -0500, Sam Hartman wrote:
> >>>>> "Russell" == Russell King <rmk at arm.linux.org.uk> writes:
>
> Russell> Ok. However, verify_as_reply() in get_in_tkt() seems
> Russell> buggy:
>
> And that is what I remember us fixing before the 1.3 release:
>
> 2003-05-30 Alexandra Ellwood <lxs at mit.edu>
>
> * get_in_tkt.c: (verify_as_reply) Only check the renewable lifetime
> of tickets whose request options included KDC_OPT_RENEWABLE_OK
> if those options did not also include KDC_OPT_RENEWABLE. Otherwise
> verify_as_reply() will fail for all renewable tickets.
In my case, both KDC_OPT_RENEWABLE_OK and KDC_OPT_RENEWABLE were set,
which confirms that this fix was for a slightly different problem.
(Also, since your last mail, I've been reading RFC1510 3.1.3, and the
behaviour with both KDC_OPT_RENEWABLE_OK and KDC_OPT_RENEWABLE set does
not appear to be covered.)
> I'd suggest sending a brief summary of the situation, including
> verbatim copies of your comments about verify_as_reply to
> krb5-bugs at mit.edu.
Thanks, will do.
--
Russell King
Linux kernel 2.6 ARM Linux - http://www.arm.linux.org.uk/
maintainer of: 2.6 PCMCIA - http://pcmcia.arm.linux.org.uk/
2.6 Serial core
More information about the krbdev
mailing list