Don't include krb5_kdc_req->from if default start time
Sam Hartman
hartmans at MIT.EDU
Mon May 14 14:41:35 EDT 2012
>>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:
Greg> Our KDC and Heimdal's KDC actually ignore the request's start
Greg> time unless the request includes the postdated option. So I
Greg> think it's reasonable for krb5_get_init_creds to omit the
Greg> start time if (1) start_time is 0, and (2) options->flags does
Greg> not include KRB5_GET_INIT_CREDS_OPT_PROXIABLE. I don't think
Greg> we even need to check for KRB5_LIBOPT_SYNC_KDCTIME.
What does proxiable have to do with it?
More information about the krbdev
mailing list