[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Fedora Core 1 Test Update: pam_krb5-2.0.5-1

From: Nalin Dahyabhai <nalin redhat com>
To: fedora-test-list redhat com
Subject: Re: Fedora Core 1 Test Update: pam_krb5-2.0.5-1
Date: Tue, 25 Nov 2003 19:39:37 -0500

[Replying to myself, because the current form doesn't list bug IDs, and
 the RPM changelog didn't because it's in the docdir ChangeLog.]

On Tue, Nov 25, 2003 at 07:36:09PM -0500, Nalin Dahyabhai wrote:
> The version of pam_krb5 included in Fedora Core 1 did not honor the
> ticket_lifetime setting in /etc/krb5.conf's [appdefaults] section, in
> the "pam" subsection.  The default renewable lifetime set in this
> configuration file is 10 hours.  The default ticket lifetime used in
> libkrb5 is 24 hours.
> 
> When answering a request for initial credentials which specifies
> these lifetimes, some KDC implementations will reply with initial
> credentials with a renewable lifetime increased to match the ticket
> lifetime.  This modification to the response is treated as an error
> by libkrb5, and authentication fails when it would otherwise succeed.

Some discussion for interested parties:
  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=109331

Cheers,

Nalin

References:
- Fedora Core 1 Test Update: pam_krb5-2.0.5-1
  - From: Nalin Dahyabhai

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]