Received: from smtp3.stanford.edu (smtp3.Stanford.EDU [171.67.20.26]) by krbdev.mit.edu (8.9.3p2) with ESMTP id RAA16687; Wed, 6 Sep 2006 17:10:21 -0400 (EDT) Received: from smtp3.stanford.edu (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 580A14C441 for ; Wed, 6 Sep 2006 14:10:21 -0700 (PDT) Received: from windlord.stanford.edu (windlord.Stanford.EDU [171.64.19.147]) by smtp3.stanford.edu (Postfix) with ESMTP id 3C8BA4C419 for ; Wed, 6 Sep 2006 14:10:21 -0700 (PDT) Received: by windlord.stanford.edu (Postfix, from userid 1000) id 36864E78D5; Wed, 6 Sep 2006 14:10:21 -0700 (PDT) From: Russ Allbery To: rt@krbdev.mit.edu Subject: Re: [krbdev.mit.edu #4222] GSSAPI context being destroyed when ticket cache renewed In-Reply-To: (Quanah Gibson-Mount via's message of "Wed, 6 Sep 2006 16:43:38 -0400 (EDT)") Organization: The Eyrie References: Date: Wed, 06 Sep 2006 14:10:21 -0700 Message-Id: <87veo0ya4i.fsf@windlord.stanford.edu> User-Agent: Gnus/5.110006 (No Gnus v0.6) XEmacs/21.4.19 (linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 1007 Quanah Gibson-Mount via RT writes: > Sam Hartman via RT wrote: >> I strongly suspect that the context is ending when it expires and that >> SASL needs to do a better job of catching this error and reporting a >> connection problem. > Just to be clear, the problem happens when the ticket cache is > refreshed. I.e., the tickets for the existing SASL/GSSAPI connection > hadn't actually yet expired, just the ticket cache was refreshed with > new tickets. I can understand why the SASL/GSSAPI context would be > closed out on *expiration* but I think a refresh shouldn't have this > effect. ;) This makes me wonder what in GSS-API is looking at the ticket cache. I would have thought that once the GSS-API context was established and authentication was finished, there wouldn't be further need to look at the Kerberos ticket cache, but apparently that's not correct? -- Russ Allbery (rra@stanford.edu)