--On Wednesday, September 06, 2006 5:45 PM -0400 Jeffrey Altman via RT wrote: > Russ Allbery via RT wrote: > >>> Just to be clear, the problem happens when the ticket cache is >>> refreshed. I.e., the tickets for the existing SASL/GSSAPI connection >>> hadn't actually yet expired, just the ticket cache was refreshed with >>> new tickets. I can understand why the SASL/GSSAPI context would be >>> closed out on *expiration* but I think a refresh shouldn't have this >>> effect. ;) > > If it is possible, can you post a stack trace at the point the context > is deemed to be invalid? > > That would help a lot. Hm, after going back through the thread, I can't tell specifically if it is actually the refresh or the expiration that caused the problem, because the user set it to a 5 minute ticket with a 4 minute refresh to demonstrate the issue. I myself do not use MIT kerberos for my OpenLDAP servers, so reproducing this in my environment would take a bit of work. I'm currently lacking the internal development environment where I'd usually test such things. :/ I can get in contact with the user who reported the issue, and see what additional data they can gather, if you like. --Quanah -- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html