Skip Menu |
 

Date: Tue, 24 Jun 2008 01:10:01 +0200
From: "Rogier Krieger" <rkrieger@gmail.com>
To: "KfW bugs list" <kfw-bugs@mit.edu>
Subject: NetIDMgr - showing incorrect lifetime
Dear developers,

The kind people of the kerberos@ list recommended posting this issue
here. Should I be able to provide you with further input or
information, please let me know how I can be of help.

Issue description:
NetIDMgr shows 'expired' for the tickets, even if they are valid for
several hours. Refreshing the tickets through NetIDMgr or refreshing
the view does not correct the displayed time. NetIDMgr keeps
displaying 'expired' (even if the background colour behind the
identity changes colour appropriate to ticket lifetime).

NetIDMgr output:
rkrieger@REALM (Default, Kerberos v5)
(Expired)

Above text is displayed on a background colour appropriate for ticket
lifetime. Please see the attached image for a graphical version.


klist output:
Show quoted text
>klist -C
Ticket cache: API:rkrieger@REALM
Default principal: rkrieger@REALM

Valid starting Expires Service principal
06/23/08 14:19:57 06/24/08 14:19:57 krbtgt/REALM@REALM
renew until 06/30/08 14:19:57


Version information:
Windows XP, SP2
KfW 3.2.2 (installed through 32-bit MSI)
NetIDMgr 1.3.1.0

Image not shown because sender requested not to inline it.

Date: Wed, 25 Jun 2008 01:10:57 +0200
From: "Rogier Krieger" <rkrieger@gmail.com>
To: jaltman@secure-endpoints.com
Subject: Re: NetIDMgr - showing incorrect lifetime [krbdev.mit.edu #5988]
CC: "Kerberos RT" <rt@krbdev.mit.edu>
RT-Send-Cc:
Download (untitled) / with headers
text/plain 1.6KiB
Dear Mr. Altman,

On Tue, Jun 24, 2008 at 5:35 PM, Jeffrey Altman
<jaltman@secure-endpoints.com> wrote:
Show quoted text
> There is a separate mail queue for KFW. kfw-bugs@...

My apologies for that typo; I filed it at kfw-bugs@ (#5988 in RT)
earlier today. To keep the bug report, up to date, I CC'd this to RT
and stripped off the kerberos@ list (to prevent littering). If RT is
more convenient for you, please don't hesitate to tell me.


Show quoted text
> When you examine the properties of the "rkrieger@REALM" entry what
> are the reported lifetimes?

I'm assuming you mean the dialog window that opens after
right-clicking the identity and selecting "Properties". The dialog box
lists the correct properties for the ticket lifetimes (i.e. the same
lifetimes as obtained from <klist -C>). It's only the main NetIDMgr
window that displays 'Expired' (or an incorrect remaining lifetime);
the 'Properties' dialog box provides correct data.

I included the image I sent with my first message (hence my mailing to
your personal address) to give you a clearer picture.

Typically, the problem arises whenever I (or KfW on its own)
perform(s) a ticket renewal. After refreshing tickets several times
(with renewed tickets issued, as the KDC logs shows), the NetIDMgr
window *sometimes* shows correct lifetimes again, but most often it
doesn't. It will however provide a 'correct' background colour (green,
yellow) for the entry. 'Correct' meaning 'measured against <klist -C>
ticket lifetimes).


Does the above clarify the issue? I am not seeing any adverse effects
in use, only something cosmetic, so it's hardly something of high
priority.


Sincerely,

Rogier Krieger

Image not shown because sender requested not to inline it.

Rogier:

We certainly thought this problem was fixed prior to 3.2.2.

When the problem occurs, does the problem get reset when you toggle to
the advanced mode via F7?

Jeffrey Altman
Date: Thu, 26 Jun 2008 08:12:14 +0200
From: "Rogier Krieger" <rkrieger@gmail.com>
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #5988] NetIDMgr - showing incorrect lifetime
RT-Send-Cc:
On Wed, Jun 25, 2008 at 8:43 PM, Jeffrey Altman via RT
<rt@krbdev.mit.edu> wrote:
Show quoted text
> When the problem occurs, does the problem get reset when you toggle to
> the advanced mode via F7?

Yes, toggling back and forth via F7 seems to bring back proper time
display in the NetIDMgr window. I seem to be able to reproduce the
following: when I have two identities active, NetIDMgr only seems to
provide the right times for one of them upon renewing either.

Switching back and forth with F7 fixes that, initially. Upon renewal
(in simple mode), one (sometimes both) of the identities gets the
issue again. Hopefully, this provides some clues as to the relevant
code path.

Rogier
It has occurred to me that this is probably bug 5858 which has already
been fixed by Secure Endpoints and is available in private builds that
are made available to Secure Endpoints support customers. The fix is
also available in the MIT Kerberos repository.

Jeffrey Altman