[Freeipa-devel] MIT KRB5 uses 32bit time stamp
David Kupka
dkupka at redhat.com
Mon May 2 13:35:00 UTC 2016
Hello!
Recently I have touched password expiration code in ipa_kdb_password.c
and noticed that we have IPAPW_END_OF_TIME set to January 1st, 2038. I
thought that it's just old code that still assumes 32bit time stamp and
that Kerberos surely moved to 64bit long time ago.
I was really surprised when I opened /usr/include/krb5/krb5.h and found:
> typedef krb5_int32 krb5_timestamp;
Is there a reason why not just replace the line above with:
> typedef krb5_int64 krb5_timestamp; ?
I know that it may seem that we have plenty of time to address it but I
don't see a reason to wait.
--
David Kupka
More information about the Freeipa-devel
mailing list