Alexandra Ellwood lxs at MIT.EDU
Tue Sep 21 14:16:49 EDT 2004

On Sep 21, 2004, at 1:57 PM, Tom Yu wrote:

>>>>>> "kwc" == Kevin Coffman <kwc at> writes:
> kwc> While testing the new gssrpc code, I've run into a situation with
> kwc> krb5_string_to_deltat() not liking my krb5.conf setting of
> kwc> ticket_lifetime.  My original krb5.conf has:
> kwc> ticket_lifetime = 604800
> kwc> The cvs-current code returns EINVAL for this, but likes "604800s" 
> (or
> kwc> "100h", or "7d").
> I don't know of anything that would cause such a change.  Did the bare
> integer ever work?  On what release did it last work?
> krb5_string_to_deltat() has used the bison grammar for quite some
> time... I think since krb5-1.1.  Prior to that, I think there was a
> hand-coded parser.

The short answer is: "ticket_lifetime = 604800" was never being read in 
stock MIT Kerberos, and thus the syntax error was not being reported.  
I checked in a change to the trunk a little over a month ago to fix 
this deficiency.  krb5-1.4 will be the first release to support this 

See MIT Kerberos bug #2656 for more information.

It is possible that sites have local patches to krb5-1.3.x and earlier 
which enable this libdefault and do not use krb5_string_to_deltat() to 
read it.  If so, then the format of the lifetime will change if the 
site does not reapply their patches.

Hope this helps,

Alexandra Ellwood <lxs at>
Kerberos Development Team
MIT Information Services & Technology

More information about the krbdev mailing list