Re: 524 problems with 1.3.4, and historical issues

Wed, 14 Jul 2004 10:48:42 -0700 

   Daniel> So I attempted to define "SHORT_LIFETIME" in
   Daniel> lib/src/krb5/krb/v4lifetime.c, after looking at the code.
   Daniel> I thought I'd give it a whirl.  That kills the out of
   Daniel> bounds error message, but doesn't give me a full length
   Daniel> ticket: 07/14/04 10:11:39 07/14/04 21:46:39
   Daniel> [EMAIL PROTECTED]




   Daniel> So my question here is, what are we doing different from
   Daniel> you all up in MIT?  Why are we running into these issues
   Daniel> and you are not?

Well, I suspect it's probably because our default lifetime is 10 hours
for all tickets.


Hrm, our default lifetime is:
        ticket_lifetime = 24000

=)


So, for the combination that gives you a time out of bounds error,
when do you get the error?  In particular, do you get it with kvno -4 or only with 
zwrite?


kvno -4 zephyr.zephyr
kvno: krb_mk_req error: Time is out of bounds (krb_rd_req)

=/

Are you getting tgts with krb524init or with kinit -4? 

It does happen with both.

I just found it out does only happen when I specify the max 1275 minutes lifetime. It does not happen it I go for the default lifetime. The precise moment it goes from time out of bounds to not out of bounds is at 690minutes. 690 minuets is the maximum lifetime I can set and still successfully get the zephyr ticket. 691 is starts giving me out of bounds.

n
What versions of client, kdc and krb524d are you using?

Client is either 1.3.4 or 1.2.8. Server is 1.3.4. (both clients work fine when server is 1.2.8) Also, krb5.conf can be pointing at the 1.3.4 and krb.conf can be pointing at the 1.2.8 server and have it work just fine.

   Daniel> Am I overlooking some sort of
   Daniel> configuration problem?  Do you all not use krb4 at all
   Daniel> anymore?

I only wish we no longer used krb4. 

*chuckle*  likewise  =/  some day   some magical day

Daniel

--
/\\\----------------------------------------------------------------------///\
\ \\\      Daniel Henninger           http://www.vorpalcloud.org/        /// /
 \_\\\      North Carolina State University - Systems Programmer        ///_/
    \\\                   Information Technology <IT>                  ///
     """--------------------------------------------------------------"""
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to