Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Test] Lower the Kerberos principal expiration time #73515

Merged
merged 1 commit into from
Aug 6, 2022
Merged

[Test] Lower the Kerberos principal expiration time #73515

merged 1 commit into from
Aug 6, 2022

Conversation

filipnavara
Copy link
Member

KRB5/GSSAPI on Arm32 is unable to handle dates far in the future. We don't use the credentials long-term so the expiration could be almost arbitrarily short.

Fixes #73343

@filipnavara
Lower the Kerberos principal expiration time
4a89e2f 
KRB5/GSSAPI on Arm32 is unable to handle dates far in the future
@ghost ghost added the community-contribution Indicates that the PR has been added by a community member label Aug 6, 2022
@filipnavara filipnavara requested a review from wfurt August 6, 2022 11:36
@ghost
Copy link

ghost commented Aug 6, 2022

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

KRB5/GSSAPI on Arm32 is unable to handle dates far in the future. We don't use the credentials long-term so the expiration could be almost arbitrarily short.

Fixes #73343

Author: filipnavara
Assignees: -
Labels:

area-System.Net.Security
Milestone: -

@filipnavara
Copy link
Member Author

filipnavara commented Aug 6, 2022
edited
Loading

Needs /azp run runtime-extra-platforms before merge.

@filipnavara filipnavara changed the title Lower the Kerberos principal expiration time [Test] Lower the Kerberos principal expiration time Aug 6, 2022
@vcsjones
Copy link
Member

vcsjones commented Aug 6, 2022

/azp run runtime-extra-platforms

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

wfurt
wfurt reviewed Aug 6, 2022
View reviewed changes
Copy link
Member

@wfurt wfurt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! extra-platform looks clean from Kerberos prospective.
Perhaps the 9999 month overflow 32bit somewhere?

@wfurt
Copy link
Member

wfurt commented Aug 6, 2022

Socket and Quic test failures unrelated

@wfurt wfurt merged commit 254ac08 into dotnet:main Aug 6, 2022
@filipnavara
Copy link
Member Author

Perhaps the 9999 month overflow 32bit somewhere?

My guess would be something like Y2286 problem where Unix timestamp can overflow. The weird thing is that it didn't fail the CI the same way on x86 Linux. I kept the ARM VM in case we want to run some more tests but for the moment I am happy with consistent results and the explanation backed by the limited experiments / debugger output.

@karelz karelz added this to the 7.0.0 milestone Aug 7, 2022
@karelz karelz mentioned this pull request Aug 7, 2022
Closed
@CarnaViire CarnaViire mentioned this pull request Aug 24, 2022
Closed
@ghost ghost locked as resolved and limited conversation to collaborators Sep 6, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@wfurt wfurt wfurt approved these changes

Assignees
No one assigned
Labels
area-System.Net.Security community-contribution Indicates that the PR has been added by a community member
Projects
None yet
Milestone
7.0.0
Development

Successfully merging this pull request may close these issues.

system.net.security.tests.negotiateauthenticationkerberostest.loopback_success
4 participants
@filipnavara @vcsjones @wfurt @karelz