Recently I have touched password expiration code in ipa_kdb_password.c and noticed that we have IPAPW_END_OF_TIME set to January 1st, 2038. I thought that it's just old code that still assumes 32bit time stamp and that Kerberos surely moved to 64bit long time ago.
I was really surprised when I opened /usr/include/krb5/krb5.h and found:
typedef krb5_int32      krb5_timestamp;

Is there a reason why not just replace the line above with:
> typedef krb5_int64      krb5_timestamp; ?

I know that it may seem that we have plenty of time to address it but I don't see a reason to wait.

David Kupka

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to