Date: Sat, 14 Mar 1998 02:00:46 -0500 (EST) From: robert@cyrus.watson.org To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/6000: kerberosIV kadmin -- default entry year-2000 stupid Message-ID: <199803140700.CAA27738@fledge.watson.org>
next in thread | raw e-mail | index | archive | help
>Number: 6000 >Category: bin >Synopsis: kadmin ank uses bad default expiration of account >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Mar 13 23:10:02 PST 1998 >Last-Modified: >Originator: Robert Watson >Organization: >Release: FreeBSD 2.2.5-STABLE i386 >Environment: kerberosIV, -stable, KTH Multiple -STABLE machines w/-STABLE KTH implementation >Description: kadmin uses a bad default principal expiration (year 2000) -- this is not useful as that is in a year+1/2. I don't want the default to be to expire all my accounts that soon :). The old kadmin would not create an account with an expiration later than that of the admin ticket used to create it, and would default to the same expiration as that ticket. The new one just uses the year 2000 + current day/month/time as the expiration. >How-To-Repeat: fledge:~> kadmin Welcome to the Kerberos Administration Program, version 2 Type "help" if you need it. kadmin: ank robert.test robert.admin@WATSON.ORG's Password: Maximum ticket lifetime? (162) [4+07:34:45] 255 Attributes? [0x00] Expiration date (enter yyyy-mm-dd) ? [Mon Mar 13 01:54:12 2000] Thu Dec 31 23:59:00 2009 Expiration date (enter yyyy-mm-dd) ? [Mon Mar 13 01:54:12 2000] 2009-12-31 Password for robert.test: Verifying password - Password for robert.test: >Fix: Change the constant to something more reasonable, like say 2009-12-31, which is ten years later than the old default (hence my choice for accounts). Maybe later still? Retain the bound preventing creation of tickets that last longer than the current .admin ticket. >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199803140700.CAA27738>