>>>>> "dwb7" == David Botsch <[EMAIL PROTECTED]> writes:
dwb7> I can tcpdump or ethereal it. A correction... it may only take dwb7> one krb524init after approximately 10 min has passed to cause dwb7> the out of bounds error message to appear. I think I've tracked this down and fixed it in our development sources. Basically, krb5-1.3.x (and possibly earlier releases) backdate the start time of a krb4 ticket so that it will expire at the correct time, rather than up to 5 minutes after it's supposed to expire (or possibly even longer afterwards if it's in the exponential lifetime range). To avoid confusing clients, we made a fix so that the date reported to the client when it requests the ticket is the "real" start time of the ticket, rather than the backdated start time included in the encrypted part of the ticket. Unfortunately, when we made that fix, we neglected to make it in all the relevant places, so it was still possible to have a client see a backdated start time and flag it as "time out of bounds". I've checked in a fix; it is ticket #2643 in our bug database. It should be in a future release. ---Tom ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
