From owner-freebsd-bugs  Fri Mar 13 23:10:08 1998
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA24711
          for freebsd-bugs-outgoing; Fri, 13 Mar 1998 23:10:08 -0800 (PST)
          (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: (from gnats@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA24689;
          Fri, 13 Mar 1998 23:10:04 -0800 (PST)
          (envelope-from gnats)
Received: from fledge.watson.org (robert@FLEDGE.RES.CMU.EDU [128.2.91.116])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA23543
          for <FreeBSD-gnats-submit@freebsd.org>; Fri, 13 Mar 1998 23:00:45 -0800 (PST)
          (envelope-from robert@fledge.watson.org)
Received: (from robert@localhost) by fledge.watson.org (8.8.8/8.6.10) id CAA27738; Sat, 14 Mar 1998 02:00:46 -0500 (EST)
Message-Id: <199803140700.CAA27738@fledge.watson.org>
Date: Sat, 14 Mar 1998 02:00:46 -0500 (EST)
From: robert@cyrus.watson.org
Reply-To: robert+freebsd@cyrus.watson.org
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: bin/6000: kerberosIV kadmin -- default entry year-2000 stupid
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         6000
>Category:       bin
>Synopsis:       kadmin ank uses bad default expiration of account
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 13 23:10:02 PST 1998
>Last-Modified:
>Originator:     Robert Watson
>Organization:
>Release:        FreeBSD 2.2.5-STABLE i386
>Environment:
kerberosIV, -stable, KTH

Multiple -STABLE machines w/-STABLE KTH implementation

>Description:

kadmin uses a bad default principal expiration (year 2000) -- this is not
useful as that is in a year+1/2.  I don't want the default to be to expire
all my accounts that soon :).  The old kadmin would not create an account
with an expiration later than that of the admin ticket used to create it,
and would default to the same expiration as that ticket.  The new one just
uses the year 2000 + current day/month/time as the expiration.

>How-To-Repeat:

fledge:~> kadmin
Welcome to the Kerberos Administration Program, version 2
Type "help" if you need it.
kadmin: ank robert.test
robert.admin@WATSON.ORG's Password: 
Maximum ticket lifetime?  (162)  [4+07:34:45]  255
Attributes?  [0x00]  
Expiration date (enter yyyy-mm-dd) ?  [Mon Mar 13 01:54:12 2000]  Thu Dec 31 23:59:00 2009
Expiration date (enter yyyy-mm-dd) ?  [Mon Mar 13 01:54:12 2000]  2009-12-31
Password for robert.test:
Verifying password - Password for robert.test:

>Fix:
	
Change the constant to something more reasonable, like say 2009-12-31, which
is ten years later than the old default (hence my choice for accounts).  Maybe
later still?  Retain the bound preventing creation of tickets that last longer
than the current .admin ticket.

>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message