s4:dsdb: Add a note that administrators should not set the clock too far in the future
author Jo Sutton <josutton@catalyst.net.nz>
Tue, 16 Apr 2024 01:58:15 +0000 (13:58 +1200)
committer Jo Sutton <jsutton@samba.org>
Sun, 21 Apr 2024 22:10:36 +0000 (22:10 +0000)
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/dsdb/gmsa/util.c

index 30ea532f70920d632ab089576ee7cf7cf0ab3093..a6abaf62c4170e934f96a6f20ce91aa74a8358ae 100644 (file)
@@ -1180,6 +1180,12 @@ int gmsa_recalculate_managed_pwd(TALLOC_CTX *mem_ctx,
         * the keys.
         */
 
+       /*
+        * Administrators should be careful not to set a DC’s clock too far in
+        * the future, or a gMSA’s keys may be stuck at that future time and
+        * stop updating until said time rolls around for real.
+        */
+
        current_key_is_valid = pwd_id != NULL &&
                               current_time < current_key_expiration_time;
        if (current_key_is_valid) {
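Review bot: The new comment above the current_key_is_valid assignment is addressed to administrators, but it lives only in a C source comment inside gmsa_recalculate_managed_pwd(), where the people it warns are unlikely to read it. Since validity is decided purely by current_time < current_key_expiration_time, a key derived while the DC clock was ahead will keep passing this check after the clock is corrected, and nothing in the hunk makes that state visible at runtime. Consider repeating the caveat in administrator-facing documentation, and emitting a log message at this point when current_key_expiration_time lies implausibly far ahead of current_time, so a stuck gMSA password can be diagnosed from the logs. As a minor style point, the comment uses typographic apostrophes ("DC’s", "gMSA’s"); plain ASCII apostrophes are safer in source files unless the rest of the file already uses them.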