svn commit: samba r19568 -
in branches/SAMBA_4_0/source/auth/kerberos: .
Andrew Bartlett
abartlet at samba.org
Wed Nov 8 23:08:50 GMT 2006
On Mon, 2006-11-06 at 14:59 +0100, Stefan (metze) Metzmacher wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> abartlet at samba.org schrieb:
> > Author: abartlet
> > Date: 2006-11-06 11:18:32 +0000 (Mon, 06 Nov 2006)
> > New Revision: 19568
> >
> > WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19568
> >
> > Log:
> > When we get back a skew error, try with no skew. This allows us to
> > recover from inheriting an invalid skew from a ccache.
>
> Hi Andrew,
>
> do you know how windows handles this, it sets the time to the time
> returned in the krb5 error packet and then retries.
>
> I think we should try to do the same.
Do we have an API that exposes that?
The other problem is that I think this removes some of the time and
replay protection, because the time is no longer securely determined.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20061109/f4c3a1c1/attachment.bin
More information about the samba-technical
mailing list