On 05/02, David Kupka wrote:
> Hello!
> 
> Recently I have touched password expiration code in ipa_kdb_password.c and
> noticed that we have IPAPW_END_OF_TIME set to January 1st, 2038. I thought
> that it's just old code that still assumes 32bit time stamp and that
> Kerberos surely moved to 64bit long time ago.
> I was really surprised when I opened /usr/include/krb5/krb5.h and found:
> >typedef krb5_int32      krb5_timestamp;
> 
> Is there a reason why not just replace the line above with:
> > typedef krb5_int64      krb5_timestamp; ?
> 
> I know that it may seem that we have plenty of time to address it but I
> don't see a reason to wait.
> 

There are some plans for addressing this upstream:
http://mailman.mit.edu/pipermail/krbdev/2014-December/012239.html

> -- 
> David Kupka
> 
> -- 
> Manage your subscription for the Freeipa-devel mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

-- 
Matt Rogers
Red Hat, Inc

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to