[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

rd_priv timestamp checking and kpasswdd

in rd_priv there's code:
  /* check timestamp */ 
  if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { 
      krb5_timestamp sec; 
      krb5_timeofday (context, &sec); 
      if (part.timestamp != NULL && 
          part.usec      != NULL &&  
          abs(*part.timestamp - sec) > context->max_skew) { 
          ret = KRB5KRB_AP_ERR_SKEW; 
          goto failure_part; 

Interestingly this is making kpasswdd lose from MIT clients because
neither timestamp nor usec is set. Same deal with the built-in Win2000
password changing. I'm going to deal temporarily.

Any comments?