Any objections to applying the latest patch in 5924?
tlyu at MIT.EDU
Wed Jun 18 14:44:58 EDT 2008
Jeffrey Altman <jaltman at secure-endpoints.com> writes:
> A brief Google search reveals that krb5_set_real_time() is used
> internally to
> the krb5 libraries and was exported so that it can be called by Samba
> so that
> the real time can be set to the CIFS server time specified in an
> failure response.
Is the call within the krb5 library not sufficient for the CIFS use?
> Given its purpose I cannot imagine a use case in which a negative
> value would actually be valid? Are there any real world systems in
> which time is
> reported as S seconds U microseconds where U is negative?
> This bug is serious and is widely causing problems. At a minimum for
> many users of modauthkerb, and my clients. I believe it should be
Go ahead and commit your change, and make a note that documentation
needs to be updated.
We should also fix the KDC side of this problem.
More information about the krbdev