Skip to content

[Test] Lower the Kerberos principal expiration time#73515

Merged
wfurt merged 1 commit into
dotnet:mainfrom
filipnavara:kerberos-test-guard
Aug 6, 2022
Merged

[Test] Lower the Kerberos principal expiration time#73515
wfurt merged 1 commit into
dotnet:mainfrom
filipnavara:kerberos-test-guard

Conversation

@filipnavara

@filipnavara filipnavara commented Aug 6, 2022

Copy link
Copy Markdown
Member

KRB5/GSSAPI on Arm32 is unable to handle dates far in the future. We don't use the credentials long-term so the expiration could be almost arbitrarily short.

Fixes #73343

@filipnavara
Lower the Kerberos principal expiration time
4a89e2f 
KRB5/GSSAPI on Arm32 is unable to handle dates far in the future
@ghost ghost added area-System.Net.Security community-contribution Indicates that the PR has been added by a community member labels Aug 6, 2022
@filipnavara filipnavara requested a review from wfurt August 6, 2022 11:36
@ghost

ghost commented Aug 6, 2022

Copy link
Copy Markdown

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

KRB5/GSSAPI on Arm32 is unable to handle dates far in the future. We don't use the credentials long-term so the expiration could be almost arbitrarily short.

Fixes #73343

Author: filipnavara
Assignees: -
Labels:

area-System.Net.Security
Milestone: -

@filipnavara

filipnavara commented Aug 6, 2022
edited
Loading

Copy link
Copy Markdown
Member Author

Needs /azp run runtime-extra-platforms before merge.

@filipnavara filipnavara changed the title Lower the Kerberos principal expiration time [Test] Lower the Kerberos principal expiration time Aug 6, 2022
@vcsjones

vcsjones commented Aug 6, 2022

Copy link
Copy Markdown
Member

/azp run runtime-extra-platforms

@azure-pipelines

azure-pipelines Bot commented Aug 6, 2022

Copy link
Copy Markdown
Azure Pipelines successfully started running 1 pipeline(s).

wfurt
wfurt reviewed Aug 6, 2022
View reviewed changes

@wfurt wfurt left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! extra-platform looks clean from Kerberos prospective.
Perhaps the 9999 month overflow 32bit somewhere?

@wfurt

wfurt commented Aug 6, 2022

Copy link
Copy Markdown
Member

Socket and Quic test failures unrelated

@wfurt wfurt merged commit 254ac08 into dotnet:main Aug 6, 2022
@filipnavara

filipnavara commented Aug 6, 2022

Copy link
Copy Markdown
Member Author

Perhaps the 9999 month overflow 32bit somewhere?

My guess would be something like Y2286 problem where Unix timestamp can overflow. The weird thing is that it didn't fail the CI the same way on x86 Linux. I kept the ARM VM in case we want to run some more tests but for the moment I am happy with consistent results and the explanation backed by the limited experiments / debugger output.

@karelz karelz added this to the 7.0.0 milestone Aug 7, 2022
@karelz karelz mentioned this pull request Aug 7, 2022
Closed
@CarnaViire CarnaViire mentioned this pull request Aug 24, 2022
Closed
@ghost ghost locked as resolved and limited conversation to collaborators Sep 6, 2022
@filipnavara filipnavara deleted the kerberos-test-guard branch June 5, 2025 07:39
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@wfurt wfurt wfurt approved these changes

Assignees

No one assigned

Labels

area-System.Net.Security community-contribution Indicates that the PR has been added by a community member

Projects

None yet

Milestone

7.0.0

Development

Successfully merging this pull request may close these issues.

system.net.security.tests.negotiateauthenticationkerberostest.loopback_success

4 participants

@filipnavara @vcsjones @wfurt @karelz