Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Check timestamp in PKINIT kdcpreauth module
RFC 4556 requires the KDC to check the PKAuthenticator timestamp in order to prevent replays after the five-minute clock skew window. (A replay attack has minimal value; it only causes the KDC to issue a ticket which an attacker cannot decrypt.) [ghudson@mit.edu: rewrote commit message; squashed with typo fix; style fixes] ticket: 8123 (new)
- Loading branch information