Krb5 options patch
Mike Dopheide
dopheide at ncsa.uiuc.edu
Thu Feb 24 09:36:23 EST 2005
Does anyone see a need for a patch that allows Kerberos password
authentication with the correct local options? I'm simply trying to get a
feel for if it's worth my time to investigate it further.
The issue is that we also use a patch that does Kerberos ticket passing
and our ticket lifetime is slightly higher than the default 10 hours.
Users experience different behavior when they login with a ticket
or if they acquire a new ticket while logging in with a password.
A quick investigation leads me to krb5_get_init_creds_password() in
auth-krb5.c not passing along the 'default_lifetime' option that can be
set in /etc/krb5.conf.
Thoughts?
-Mike
---------------------------------------------------
Mike Dopheide dopheide at ncsa.uiuc.edu
System Engineer Phone: 217.244.0299
NCSA, University of Illinois Fax: 217.244.1987
More information about the openssh-unix-dev
mailing list