Any objections to applying the latest patch in 5924?

Tom Yu tlyu at MIT.EDU
Wed Jun 18 14:44:58 EDT 2008


Jeffrey Altman <jaltman at secure-endpoints.com> writes:

> A brief Google search reveals that krb5_set_real_time() is used internally to
> the krb5 libraries and was exported so that it can be called by Samba so that
> the real time can be set to the CIFS server time specified in an authentication
> failure response.

Is the call within the krb5 library not sufficient for the CIFS use?

> Given its purpose I cannot imagine a use case in which a negative microseconds
> value would actually be valid? Are there any real world systems in which time is
> reported as S seconds U microseconds where U is negative?
>
> This bug is serious and is widely causing problems. At a minimum for Cornell,
> many users of modauthkerb, and my clients. I believe it should be fixed.

Go ahead and commit your change, and make a note that documentation
needs to be updated.

We should also fix the KDC side of this problem.
