On Wed, Feb 5, 2014 at 11:05 AM, Greg Hudson <[email protected]> wrote: > This could all work better if krb5 had used a ticket lifetime instead of > an end time (like krb4 did, but without the crazy 8-bit representation > of the lifetime). But the protocol was designed under the assumption > that clients, servers, and KDCs would all have mostly synchronized > clocks, so it went with the simplification of always using absolute > timestamps and never relative intervals.
And yet implementation-wise relative times are still needed... I agree, 'twould have been better to have relative lifetime. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
