Bug 15676 - Fix clock skew error message and memory cache clock skew recovery
Summary: Fix clock skew error message and memory cache clock skew recovery
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-07-04 15:04 UTC by Ralph Böhme
Modified: 2024-07-17 08:36 UTC (History)
2 users (show)

See Also:


Attachments
Patch for v4-20-test (2.31 KB, text/plain)
2024-07-09 11:08 UTC, Stefan Metzmacher
jsutton: review+
Details
Patch for v4-19-test (2.31 KB, text/plain)
2024-07-09 12:16 UTC, Stefan Metzmacher
jsutton: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Ralph Böhme 2024-07-04 15:04:42 UTC
When using smbclient with Heimdal Kerberos, clock skew on the client is not taken into account in the TGS-REQ causing a KRB5KRB_AP_ERR_SKEW KRB-ERR response. There are two problems:

* clock skew adjustment should be done for the TGS-REQ, but this is not implemented in the memory ccache in Heimdal (it is correctly implemented in the file ccache)

* the error is reported as "FAST fast response is missing FX-FAST" instead of the expected "Clock skew too great" error message
Comment 1 Samba QA Contact 2024-07-05 10:03:03 UTC
This bug was referenced in samba master:

e4d6a19e49260af22bffd2a417119489719ba364
Comment 2 Stefan Metzmacher 2024-07-09 11:08:05 UTC
Created attachment 18369 [details]
Patch for v4-20-test
Comment 3 Stefan Metzmacher 2024-07-09 12:16:59 UTC
Created attachment 18370 [details]
Patch for v4-19-test
Comment 4 Jule Anger 2024-07-10 08:05:13 UTC
Pushed to autobuild-v4-{20,19}-test.
Comment 5 Samba QA Contact 2024-07-10 09:15:03 UTC
This bug was referenced in samba v4-20-test:

f4604a86fe1251b86b6f08a7fb3843a65092724d
Comment 6 Samba QA Contact 2024-07-10 13:30:04 UTC
This bug was referenced in samba v4-19-test:

8d08c8141344afe91052a258c22fae1ec886d8db
Comment 7 Jule Anger 2024-07-17 08:36:34 UTC
Closing out bug report.

Thanks!