system/3292: Kerberos does not set the expiration time correctly

>Number: 3292
>Category: system
>Synopsis: Kerberos utility in OpenBSD3.3 has a bug. It does not set the pr
net
>Environment:

        
        System      : OpenBSD 3.3
        Architecture: OpenBSD.i386
        Machine     : i386

   The heimdal kerberosV which comes with the OpenBSD3.3 release has a bug. It d oes not take the principal and password expiration time correctly and the user e xpires at 24:00:00 time no matter what time you specify while creating the user.

   When I use the kerberos-0.4e distribution by heimdal and make a client which would expire on a certain date and certain time it works but when I use the heim dal distribution given with OpenBSD3.3, the principal expiration date works corr ectly but the time does not.

>How-To-Repeat:

1) Initiate a kdc realm using kinit
2) Create a user in that realm with a principal expiration date and time
3) Try to log in using the user name and the password

The user expiration date is correct but the expiration time shown on the ticket is always 12:00am midnight which is the required behaviour if no time is specifi ed during the user creation and only date is specified. However if the time is s pecified, then the principal should expire on given date and time.

I created a user with expiration date one day from today and expiration time 17: 18:19.

Outout from my program

# kadmin -l
kadmin> init ONBOARD.REALM
Realm max ticket life [unlimited]:
Realm max renewable ticket life [unlimited]: kadmin> add user1@ONBOARD.REALM
Max ticket life [1 day]:
Max renewable life [1 week]:
Principal expiration time [never]:2003-05-29 17:18:19 Password expiration time [never]:2003-05-29 17:18:19 Attributes []:
user1@ONBOARD.REALM's Password:
Verifying password - user1@ONBOARD.REALM's Password: kadmin> exit

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related openbsd.org Links advocacy announce bugs ipv6 misc ports ports-changes security-announce smp source-changes tech Request more information about Pantek

Result when I run the program from heimdal-0.4e version of heimdal distribution

# kinit user1@MY.REALM
user1@MY.REALM's Password:
Your password will expire at Thu May 29 09:18:19 2003

Result when I run the program from heimdal which came with OpenBSD

# kinit user1@MY.REALM
user1@MY.REALM's Password:
Your password will expire at Thu May 29 16:00:00 2003

>Fix:

        The kerberos parses the time specified by the user correctly but then so mehow it puts the default time (ie 12 am midnight) instead of using the time spe cified by the user.



>Release-Note:
>Audit-Trail:
>Unformatted:

 Reply-To: adharw@yahoo.com
 X-sendbug-version: 3.97  

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related openbsd.org Links advocacy announce bugs ipv6 misc ports ports-changes security-announce smp source-changes tech Request more information about Pantek

 incipal and password expiration time of the user correctly when new user is crea  ted. Received on Wed Jun 4 21:12:42 2003