--- a/mod_sasl2_fast/mod_sasl2_fast.lua Mon Nov 07 10:21:18 2022 +0000
+++ b/mod_sasl2_fast/mod_sasl2_fast.lua Mon Nov 07 10:21:42 2022 +0000
@@ -47,6 +47,7 @@
if hash.equals(expected_hash, token_hash) then
local current_time = now();
if token.expires_at < current_time then
+ log("debug", "Token found, but it has expired (%ds ago). Cleaning up...", current_time - token.expires_at);
token_store:set(username, key, nil);
return nil, "credentials-expired";
end
@@ -61,6 +62,7 @@
if invalidate then
token_store:set(username, key, nil);
elseif current_time - token.issued_at > fast_token_min_ttl then
+ log("debug", "FAST token due for rotation (age: %d)", current_time - token.issued_at);
rotation_needed = true;
end
return true, username, hmac_f(token.secret, "Responder"..cb_data), rotation_needed;