git.samba.org
/
jra
/
samba-autobuild
/
.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
a397029
)
s4:dsdb: Add a note that administrators should not set the clock too far in the future
author
Jo Sutton
<josutton@catalyst.net.nz>
Tue, 16 Apr 2024 01:58:15 +0000
(13:58 +1200)
committer
Jo Sutton
<jsutton@samba.org>
Sun, 21 Apr 2024 22:10:36 +0000
(22:10 +0000)
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/dsdb/gmsa/util.c
patch
|
blob
|
history
diff --git
a/source4/dsdb/gmsa/util.c
b/source4/dsdb/gmsa/util.c
index 30ea532f70920d632ab089576ee7cf7cf0ab3093..a6abaf62c4170e934f96a6f20ce91aa74a8358ae 100644
(file)
--- a/
source4/dsdb/gmsa/util.c
+++ b/
source4/dsdb/gmsa/util.c
@@
-1180,6
+1180,12
@@
int gmsa_recalculate_managed_pwd(TALLOC_CTX *mem_ctx,
* the keys.
*/
+ /*
+ * Administrators should be careful not to set a DC’s clock too far in
+ * the future, or a gMSA’s keys may be stuck at that future time and
+ * stop updating until said time rolls around for real.
+ */
+
current_key_is_valid = pwd_id != NULL &&
current_time < current_key_expiration_time;
if (current_key_is_valid) {