-rw-r--r--src/clients/ksu/ChangeLog6
-rw-r--r--src/clients/ksu/krb_auth_su.c12
2 files changed, 17 insertions, 1 deletions
diff --git a/src/clients/ksu/ChangeLog b/src/clients/ksu/ChangeLog
index 85fbfb274..896dab8a4 100644
--- a/src/clients/ksu/ChangeLog
+++ b/src/clients/ksu/ChangeLog
@@ -1,3 +1,9 @@
+Wed Feb 4 20:46:49 1998 Tom Yu <tlyu@mit.edu>
+
+ * krb_auth_su.c (krb5_verify_tkt_def): If using a pre-existing
+ credential cache, ensure that the host ticket has not yet
+ expired. Patch from vwelch@ncsa.uiuc.edu [krb5-clients/545].
+
Mon Jan 27 16:56:07 1997 Tom Yu <tlyu@mit.edu>
* Makefile.in:
diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c
index b089fa113..e5a489f91 100644
--- a/src/clients/ksu/krb_auth_su.c
+++ b/src/clients/ksu/krb_auth_su.c
@@ -341,7 +341,17 @@ krb5_keyblock * tkt_ses_key;
return(retval);
}
-
+ /* Check to make sure ticket hasn't expired */
+ if (retval = krb5_check_exp(context, tkt->enc_part2->times)) {
+ if (auth_debug && (retval == KRB5KRB_AP_ERR_TKT_EXPIRED)) {
+ fprintf(stderr,
+ "krb5_verify_tkt_def: ticket has expired");
+ }
+ krb5_free_ticket(context, tkt);
+ krb5_kt_free_entry(context, &ktentry);
+ krb5_free_keyblock(context, tkt_key);
+ return KRB5KRB_AP_ERR_TKT_EXPIRED;
+ }
if (!krb5_principal_compare(context, client, tkt->enc_part2->client)) {
krb5_free_ticket(context, tkt);