Allow preauth mechs to work with clock skew

Add a clpreauth callback which gets the time of day using an offset
determined by the preauth-required error, and use it in encrypted
timestamp and encrypted challenge.  This timestamp is not necessarily
authenticated, but the security consequences for those preauth mechs
are minor (and can be mitigated by turning off kdc_timesync on
clients).

Based on a patch from Stef Walter.

ticket: 7114

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25808 dc483132-0cff-0310-8789-dd5450dbe970

0 files changed, 0 insertions, 0 deletions