Make krb5int_check_clockskew() public?

Sam Hartman hartmans at MIT.EDU
Mon Oct 31 13:09:41 EDT 2011

>>>>> "Linus" == Linus Nordberg <linus at> writes:

    Linus> Sam Hartman <hartmans at> wrote Sat, 29 Oct 2011
    Linus> 18:35:08 -0400:

    Linus> | Your ASN.1 decoder is mighty strange if it produces a
    Linus> structure | depending on size of the armor key from an
    Linus> encrypted timestamp preauth.

    Linus> The timestamp we're verifying here is not standardised and is
    Linus> hiding in the nonce field of the PA-OTP-CHALLENGE.  The
    Linus> definition of the nonce field was changed (in -18 IIRC) to
    Linus> make it possible to include a timestamp in the nonce.  This
    Linus> relieves the KDC from holding state for this.

I thought you were dealing with the two-pass case.
Makes more sense now.

More information about the krbdev mailing list