Any objections to applying the latest patch in 5924?

Jeffrey Altman jaltman at
Wed Jun 18 13:28:18 EDT 2008

Tom Yu wrote:
> Jeffrey Altman <jaltman at> writes:
>> Please review the replay collision reduction patch in 5924.
>> The original contribution was from Nik Conwell at Boston University.
>> I've revised it to make it easier to read.  I believe it should
>> be committed and will do so after someone on the Consortium team
>> reviews it.
> The patch adds a special meaning to a microseconds argument of -1
> passed to krb5_set_real_time().  This is an API change.  Who is
> calling this API, and will this cause problems for them?
A brief Google search reveals that krb5_set_real_time() is used 
internally to
the krb5 libraries and was exported so that it can be called by Samba so 
the real time can be set to the CIFS server time specified in an 
failure response. 

Given its purpose I cannot imagine a use case in which a negative 
value would actually be valid?   Are there any real world systems in 
which time is
reported as S seconds U microseconds where U is negative?

This bug is serious and is widely causing problems.   At a minimum for 
many users of modauthkerb, and my clients.   I believe it should be 

Jeffrey Altman

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url :

More information about the krbdev mailing list