Any objections to applying the latest patch in 5924?

Tom Yu tlyu at MIT.EDU
Wed Jun 18 14:44:58 EDT 2008

Jeffrey Altman <jaltman at> writes:

> A brief Google search reveals that krb5_set_real_time() is used
> internally to
> the krb5 libraries and was exported so that it can be called by Samba
> so that
> the real time can be set to the CIFS server time specified in an
> authentication
> failure response.

Is the call within the krb5 library not sufficient for the CIFS use?

> Given its purpose I cannot imagine a use case in which a negative
> microseconds
> value would actually be valid?   Are there any real world systems in
> which time is
> reported as S seconds U microseconds where U is negative?
> This bug is serious and is widely causing problems.   At a minimum for
> Cornell,
> many users of modauthkerb, and my clients.   I believe it should be
> fixed.

Go ahead and commit your change, and make a note that documentation
needs to be updated.

We should also fix the KDC side of this problem.

More information about the krbdev mailing list