Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Return correct expiration #6

Closed
bodgit opened this issue Jan 2, 2019 · 2 comments · Fixed by #121 · May be fixed by #114
Closed

Return correct expiration #6

bodgit opened this issue Jan 2, 2019 · 2 comments · Fixed by #121 · May be fixed by #114
Assignees
@bodgit
Labels
bug Something isn't working

Comments

@bodgit
Copy link
Owner

bodgit commented Jan 2, 2019

The negotiated context attempts to indicate the expiration time of the context however it never seems to match reality. The TKEY record has an expiry field which will indicate validity for an hour yet after five minutes the negotiated context will cease to work.

Perhaps the expiry field in the TKEY record needs to be ignored and the expiration is buried in the negotiated GSSAPI/Kerberos/SSPI context.
@bodgit bodgit added the bug Something isn't working label Jan 2, 2019
@bodgit bodgit self-assigned this Jan 2, 2019
@bodgit
Copy link
Owner Author

bodgit commented Dec 21, 2020

Just found in RFC 2930:

The inception and expiry times in a GSS-API mode TKEY RR are ignored.

I can probably simplify the code to just put 0 for these fields, but there still must be some sort of expiry time buried somewhere.

@bodgit
Copy link
Owner Author

bodgit commented Dec 22, 2020

Doesn't work if you set them to 0, the server refuses to deal. Interestingly I send a TKEY with an hour validity, I get back a TKEY with a whole day validity, yet it only seems to work for five minutes.

bodgit added a commit that referenced this issue Oct 13, 2023
@bodgit
fix: Use expiry from negotiated context
9df9604 
Fixes #6
@bodgit bodgit mentioned this issue Oct 13, 2023
Merged
@bodgit bodgit closed this as completed in 0d4e7fc Oct 13, 2023
@bodgit bodgit mentioned this issue Oct 13, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bodgit bodgit

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Use expiry from negotiated context bodgit/tsig
chore(main): release 1.2.3 bodgit/tsig
1 participant
@bodgit