Negative expiration time
Opened this issue · 1 comments
z3rone commented
In the backend I see a device with the expiration time 'About -3 days'. I recently set the expiration time of that device to one day, if that could be the cause for the problem...
GeoffWalton commented
The expiration time is ‘advisory’ to the client. The server really has no way to make it do anything obviously. What probably has happened is you set the expiration time to a smaller value than what was previously sent to the client. The client is still waiting for the old expire time to arrive before it checks in. In the mean time the server is reporting the expiration time and subtracting the last time it actually communicated with the client and as result is reporting a negative value.
if you have access to the client you could modify the date in the password_history.txt file which would cause it to check in. Otherwise I would expect the problem to resolve itself once the client checks in at the previously configured time.
Geoff Walton | Senior Security Consultant
CISSP
TRUSTEDSEC, LLC
C: 440.344.8967
Office: 877.550.4728
E: GEOFF.WALTON@TRUSTEDSEC.COM
https://www.trustedsec.com<https://www.trustedsec.com/>
YOUR TRUSTED SOURCE FOR INFORMATION SECURITY
From: z3rone <notifications@github.com>
Reply-To: trustedsec/SHIPS <reply@reply.github.com>
Date: Tuesday, June 26, 2018 at 4:40 AM
To: trustedsec/SHIPS <SHIPS@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: [EXTERNAL] [trustedsec/SHIPS] Negative expiration time (#13)
In the backend I see a device with the expiration time 'About -3 days'. I recently set the expiration time of that device to one day, if that could be the cause for the problem...
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub<#13>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AKKpBb2-MDKW8zkJ6H1CVqcPbGmUYdfRks5uAfOBgaJpZM4U3fid>.
The information in and any documents attached to this e-mail are the sole property of TrustedSec, LLC and may contain confidential information, including business information protected by applicable privacy law. Such information and documents are intended only for receipt and use by the person(s) named above in this e-mail. If you are not an intended recipient, you are hereby notified that any review, disclosure, distribution, or duplication of the information in or documents attached to this e-mail is not permitted and may violate applicable law. If you are not an intended recipient, please contact the sender by reply email and destroy each copy of the original e-mail, including all attached documents. Thank you.