From d3755d5e0f9e7a7864377333cfccdf1a8a3ecc30 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 25 Apr 2011 22:01:47 +0000
Subject: Correctly set the expiration field of impersonated credentials in
 kg_compose_deleg_cred(), so we can find them in the cache in
 init_sec_context.  From aberry@likewise.com.

ticket: 6902

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24900 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/gssapi/krb5/s4u_gss_glue.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/lib/gssapi')

diff --git a/src/lib/gssapi/krb5/s4u_gss_glue.c b/src/lib/gssapi/krb5/s4u_gss_glue.c
index cf9562c99..8406c3df9 100644
--- a/src/lib/gssapi/krb5/s4u_gss_glue.c
+++ b/src/lib/gssapi/krb5/s4u_gss_glue.c
@@ -218,7 +218,7 @@ kg_compose_deleg_cred(OM_uint32 *minor_status,
     cred->usage = GSS_C_INITIATE;
     cred->proxy_cred = !!(subject_creds->ticket_flags & TKT_FLG_FORWARDABLE);
 
-    cred->tgt_expire = impersonator_cred->tgt_expire;
+    cred->tgt_expire = subject_creds->times.endtime;
 
     code = kg_init_name(context, subject_creds->client, NULL, NULL, NULL, 0,
                         &cred->name);
-- 
cgit