On 13.8.2014 16:51, Greg Hudson wrote: > On 08/13/2014 05:14 AM, Petr Spacek wrote: >> - The application later uses krb5_cc_retrieve_cred() to get >> creds.times.endtime value and to check that the ticket is still valid. > > You can set an endtimes value in mcreds.times and specify the > KRB5_TC_MATCH_TIMES flag, and only credentials which expire after that > endtime will be matched. You still need to use krb5_timeofday() to > produce an end time relative to the clock-adjusted current time, though. > >> I can see that krb5_timeofday() from krb5-libs-1.11 does time offset >> correction automatically for seconds but not for microseconds. > > I don't think you need to worry about microseconds when there is a > five-minute margin on credential expiration. Plenty of factors will Oh, I didn't realize that five-minute margin is still in place.
Thank you for clarification! -- Petr Spacek @ Red Hat ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
