0e8a329 Prevent integer overflow when setting krbPasswordExpiration

5 files Authored by tbabej 11 years ago, Committed by mkosek 11 years ago,
    Prevent integer overflow when setting krbPasswordExpiration
    
    Since in Kerberos V5 are used 32-bit unix timestamps, setting
    maxlife in pwpolicy to values such as 9999 days would cause
    integer overflow in krbPasswordExpiration attribute.
    
    This would result into unpredictable behaviour such as users
    not being able to log in after password expiration if password
    policy was changed (#3114) or new users not being able to log
    in at all (#3312).
    
    The timestamp value is truncated to Jan 1, 2038 in ipa-kdc driver.
    
    https://fedorahosted.org/freeipa/ticket/3312
    https://fedorahosted.org/freeipa/ticket/3114
    
        
file modified
+2 -0
file modified
+3 -0