Fedora Core 1 Test Update: pam_krb5-2.0.5-1
Nalin Dahyabhai
nalin at redhat.com
Wed Nov 26 00:39:37 UTC 2003
[Replying to myself, because the current form doesn't list bug IDs, and
the RPM changelog didn't because it's in the docdir ChangeLog.]
On Tue, Nov 25, 2003 at 07:36:09PM -0500, Nalin Dahyabhai wrote:
> The version of pam_krb5 included in Fedora Core 1 did not honor the
> ticket_lifetime setting in /etc/krb5.conf's [appdefaults] section, in
> the "pam" subsection. The default renewable lifetime set in this
> configuration file is 10 hours. The default ticket lifetime used in
> libkrb5 is 24 hours.
>
> When answering a request for initial credentials which specifies
> these lifetimes, some KDC implementations will reply with initial
> credentials with a renewable lifetime increased to match the ticket
> lifetime. This modification to the response is treated as an error
> by libkrb5, and authentication fails when it would otherwise succeed.
Some discussion for interested parties:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=109331
Cheers,
Nalin
More information about the test
mailing list