[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Ahh! Leap year (February) miscalculation?
Right at 6:00pm Central (midnight GMT) all of my web servers started
throwing login errors, showing a clock skew of 86400 seconds:
t zxidsso.c:476 zxid_validate_cond zx E ssof: NotBefore rejected with
slop of 39600. Time to validity 86400 secs. Our gettimeofday: 1298938582
secs, remote: 1299024982 secs
The remote epoch calculation there is incorrect, it should be the same as
"Our gettimeofday" (The web servers and IdPs are in sync, within a
second) Is this a leap year problem?
I managed to bandaid this for now by adding a BEFORE_SLOP of 2 days. Also,
my zxid version is a little dated, at 0.69. Apologies if this has already