Don't include krb5_kdc_req->from if default start time
Greg Hudson
ghudson at MIT.EDU
Mon May 14 14:49:07 EDT 2012
On 05/14/2012 02:41 PM, Sam Hartman wrote:
>>>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:
>
> Greg> Our KDC and Heimdal's KDC actually ignore the request's start
> Greg> time unless the request includes the postdated option. So I
> Greg> think it's reasonable for krb5_get_init_creds to omit the
> Greg> start time if (1) start_time is 0, and (2) options->flags does
> Greg> not include KRB5_GET_INIT_CREDS_OPT_PROXIABLE. I don't think
> Greg> we even need to check for KRB5_LIBOPT_SYNC_KDCTIME.
>
> What does proxiable have to do with it?
I thought I was pasting KRB5_GET_INIT_CREDS_OPT_POSTDATED. But that
option turns out not to exist; postdating is implied by passing a
start_time greater than 0.
The patch I actually committed simply omits the from field if start_time
is 0.
More information about the krbdev
mailing list