Date: | Mon, 22 Aug 2011 20:45:42 -0400 (EDT) |
From: | Geoffrey Thomas <geofft@MIT.EDU> |
To: | krb5-bugs@MIT.EDU |
Subject: | Funny klist output if you try to get credentials right when a ticket expires |
CC: | Alexander W Dehnert <adehnert@MIT.EDU> |
If you try to get credentials for a service shortly after a ticket
expires, klist shows that you get several copies of the service ticket in
your credential cache. (None of them work.)
I run into this fairly often with a 2-hour-lifetime ccache for my root
instance, when I'm logging into servers right around when the ticket
expires. I've also heard this happens reasonably often with zephyr/zephyr.
mega-man:~ geofft$ kinit -l1m
Password for geofft@ATHENA.MIT.EDU:
[wait a little more than one minute]
mega-man:~ geofft$ ssh athena.dialup
Password:
mega-man:~ geofft$ klist
Ticket cache: FILE:/tmp/cc
Default principal: geofft@ATHENA.MIT.EDU
Valid starting Expires Service principal
08/22/11 20:40:44 08/22/11 20:41:44 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU
--
Geoffrey Thomas
geofft@mit.edu
expires, klist shows that you get several copies of the service ticket in
your credential cache. (None of them work.)
I run into this fairly often with a 2-hour-lifetime ccache for my root
instance, when I'm logging into servers right around when the ticket
expires. I've also heard this happens reasonably often with zephyr/zephyr.
mega-man:~ geofft$ kinit -l1m
Password for geofft@ATHENA.MIT.EDU:
[wait a little more than one minute]
mega-man:~ geofft$ ssh athena.dialup
Password:
mega-man:~ geofft$ klist
Ticket cache: FILE:/tmp/cc
Default principal: geofft@ATHENA.MIT.EDU
Valid starting Expires Service principal
08/22/11 20:40:44 08/22/11 20:41:44 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU
--
Geoffrey Thomas
geofft@mit.edu