[Freeipa-devel] [PATCH 0026] Prevent integer overflow when setting krbPasswordExpiration
Tomas Babej
tbabej at redhat.com
Mon Jan 14 15:46:33 UTC 2013
Hi,
Since in Kerberos V5 are used 32-bit unix timestamps, setting
maxlife in pwpolicy to values such as 9999 days would cause
integer overflow in krbPasswordExpiration attribute.
This would result into unpredictable behaviour such as users
not being able to log in after password expiration if password
policy was changed (#3114) or new users not being able to log
in at all (#3312).
https://fedorahosted.org/freeipa/ticket/3312
https://fedorahosted.org/freeipa/ticket/3114
Tomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0026-Prevent-integer-overflow-when-setting-krbPasswordExp.patch
Type: text/x-patch
Size: 3701 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130114/e48d8922/attachment.bin>
More information about the Freeipa-devel
mailing list