From 323f4631a4796f7c90cb082b31ad6b7d8101244a Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Sat, 1 Oct 2022 17:49:39 -0500 Subject: [PATCH] krb5: Do not clobber keytab entry timestamps We set the timestamp field of krb5_keytab_entry in every case in-tree, so we should not clobber it in krb5_kt_add_entry(). This is very important in the context of virtual service principals, as the timestamp of the keys in the keytab is a clue to when they must be refetched! --- lib/krb5/keytab.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/krb5/keytab.c b/lib/krb5/keytab.c index 559d640f0..bcb3ed837 100644 --- a/lib/krb5/keytab.c +++ b/lib/krb5/keytab.c @@ -883,7 +883,8 @@ krb5_kt_add_entry(krb5_context context, id->prefix); return KRB5_KT_NOWRITE; } - entry->timestamp = time(NULL); + if (entry->timestamp == 0) + entry->timestamp = time(NULL); return (*id->add)(context, id,entry); }