rpms/krb5/devel krb5-1.6.2-key_exp.patch,1.1,1.2

[Nalin Somabhai Dahyabhai (nalin)]

Author: nalin

Update of /cvs/pkgs/rpms/krb5/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5050/devel

Modified Files:
	krb5-1.6.2-key_exp.patch 
Log Message:
- Do what the rfc says we should do, rather than what the error message
  suggests we're doing.


krb5-1.6.2-key_exp.patch:

Index: krb5-1.6.2-key_exp.patch
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/krb5-1.6.2-key_exp.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- krb5-1.6.2-key_exp.patch	26 Jul 2007 19:06:51 -0000	1.1
+++ krb5-1.6.2-key_exp.patch	4 Sep 2007 16:34:44 -0000	1.2
@@ -1,13 +1,20 @@
 Sadique Puthen notes that the warning on the client side seems to be correspond
-to the wrong attribute on the KDC....
+to the wrong attribute on the KDC.  Do what RFC4120 says we should do.
 --- krb5-1.6.2/src/kdc/do_as_req.c	2007-06-25 15:49:06.000000000 -0400
 +++ krb5-1.6.2/src/kdc/do_as_req.c	2007-06-25 15:49:08.000000000 -0400
-@@ -371,7 +371,7 @@ process_as_req(krb5_kdc_req *request, kr
+@@ -371,7 +371,14 @@ process_as_req(krb5_kdc_req *request, kr
  	goto errout;
      }
      reply_encpart.nonce = request->nonce;
 -    reply_encpart.key_exp = client.expiration;
-+    reply_encpart.key_exp = client.pw_expiration;
++    if (client.expiration == 0) {
++       reply_encpart.key_exp = client.pw_expiration;
++    } else if (client.pw_expiration == 0) {
++       reply_encpart.key_exp = client.expiration;
++    } else {
++       reply_encpart.key_exp = client.pw_expiration < client.expiration ?;
++                               client.pw_expiration : client.expiration;
++    }
      reply_encpart.flags = enc_tkt_reply.flags;
      reply_encpart.server = ticket_reply.server;