size_t len;
Ticket second_ticket_data;
METHOD_DATA padata;
+ int again = 0;
+
+do_again:
krb5_data_zero(&resp);
krb5_data_zero(&enc);
krb5_free_kdc_rep(context, &rep);
} else if(krb5_rd_error(context, &resp, &error) == 0) {
ret = krb5_error_from_rd_error(context, &error, in_creds);
+ if (ret == KRB5KRB_AP_ERR_SKEW) {
+printf("reset time TGS\n");
+ krb5_set_real_time(context, error.stime, 0);
+ again++;
+ }
krb5_free_error_contents(context, &error);
} else if(resp.data && ((char*)resp.data)[0] == 4) {
ret = KRB5KRB_AP_ERR_V4_REPLY;
krb5_free_keyblock_contents(context, subkey);
free(subkey);
}
+if (ret && again == 1) goto do_again;
return ret;
}
krb5_free_error_contents(context, &error);
if (ret)
goto out;
+ } else if (ret == KRB5KRB_AP_ERR_SKEW) {
+/*KRB5_KDCREP_SKEW, "Clock skew too great in KDC reply"
+heimdal/lib/krb5/rd_cred.c: ret = KRB5KRB_AP_ERR_SKEW
+*/printf("reset time\n");
+ krb5_set_real_time(context, error.stime, 0);
} else {
_krb5_get_init_creds_opt_set_krb5_error(context,
init_cred_opts,