Skip site navigation (1)Skip section navigation (2) 
Date:      06 Jan 2000 11:12:20 +0100
From:      Bjoern Groenvall <bg@sics.se>
To:        Sven Brandenburg <S.Brandenburg@tu-bs.de>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: kerberos and Y2K ?
Message-ID:  <wuu2krqzjv.fsf@bg.sics.se>
In-Reply-To: Sven Brandenburg's message of Wed, 05 Jan 2000 17:34:56 %2B0000
References:  <387380C0.41E4AE34@tu-bs.de>
index | next in thread | previous in thread | raw e-mail 

Sven Brandenburg <S.Brandenburg@tu-bs.de> writes:

> Hello,
> 
> sorry if this is the wrong place for this question,
> but has anybody seen any Y2k problems with kerberos (eBones) ?
> 
> Yesterday I tried to create a new kerberos database.
> All went smoothly the way it`s documented in the handbook.
> Except for one thing:
> 
> $ kinit sven
> eBones International (algieba.leonis.supercluster.net)
> Kerberos Initialization for "sven"
> Password: 
> kinit: Principal expired (kerberos)
> 
> The database was created setting all expiry dates to 2001-01-01
> instead of the default 2000-01-01.
> Once the system clock is switched back to 1999 kinit is able 
> to obtain a valid ticket.
> 
> Any comments?

There used to be a real stupid default value for the expiration date
in kdb_init.c that was not fixed until 19980609. I don't know exactly
what your sources look like but here is a possible fix:

-    principal.exp_date = 946702799;    /* Happy new century */
-    strncpy(principal.exp_date_txt, "12/31/99", DATE_SZ);
     principal.mod_date = time(0);
+    *principal.mod_date_txt = '\0';
+    principal.exp_date = principal.mod_date + 5 * 365 * 24 * 60 * 60;
+    *principal.exp_date_txt = '\0';

You may also use more recent sources from ftp.pdc.kth.se:pub/krb/src.

Cheers,
Björn


-- 
  _     _                                               ,_______________.  
Bjorn Gronvall (Björn Grönvall)                        /_______________/|     
Swedish Institute of Computer Science                  |               ||
PO Box 1263, S-164 29 Kista, Sweden                    | Schroedingers ||
Email: bg@sics.se, Phone +46 -8 633 15 25              |      Cat      |/
Cellular +46 -70 768 06 35, Fax +46 -8 751 72 30       `---------------' 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?wuu2krqzjv.fsf>