Make krb5int_check_clockskew() public?

Greg Hudson ghudson at MIT.EDU
Mon Oct 31 12:46:17 EDT 2011

On 10/28/2011 06:00 PM, Linus Nordberg wrote:
> I'd like krb5int_check_clockskew() to be made public in order to not
> have to peek into the krb5_context for clockskew.

Done on trunk and marked for pullup to 1.10.

> If y'all think usec is important enough, I'd like to see a variant of
> krb5int_check_clockskew() taking usec into account as well.

This seems unnecessary, since clock skew is typically on the order of
300 seconds and no existing checks (rd_req, rd_safe, rd_priv, rd_cred,
encrypted timestamp, encrypted challenge) are taking microseconds into

More information about the krbdev mailing list