[38511] in Kerberos
Admin ticket expiry does not expire consistently
daemon@ATHENA.MIT.EDU (Yegui Cai)
Mon Mar 25 12:01:56 2019
MIME-Version: 1.0
From: Yegui Cai <caiyegui@gmail.com>
Date: Mon, 25 Mar 2019 12:01:13 -0400
Message-ID: <CAJYMFR7hs8aBvSj_irGZwHQoSgfy1AM6yc_At2GE83sik8W0-A@mail.gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi all.
I am running KDC 1.16.3.
The admin tickets are not expired consistently. In the following kadmin
snippet, the max_life was set to 5s, max_renewable_life is 0.
---------------
*Mar 25 11:45:09 ygc-kdc-master05.example.com
<http://ygc-kdc-master05.example.com> kadmind[18654](Notice): Request:
kadm5_init, root/admin@EXAMPLE.COM <admin@EXAMPLE.COM>, success,
client=root/admin@EXAMPLE.COM <admin@EXAMPLE.COM>,
service=kadmin/admin@EXAMPLE.COM <admin@EXAMPLE.COM>, addr=10.76.50.109,
vers=4, flavor=6*
*Mar 25 11:45:46 ygc-kdc-master05.example.com
<http://ygc-kdc-master05.example.com> kadmind[18654](Notice): Request:
kadm5_get_principals, *, success, client=root/admin@EXAMPLE.COM
<admin@EXAMPLE.COM>, service=kadmin/admin@EXAMPLE.COM <admin@EXAMPLE.COM>,
addr=10.76.50.109*
Mar 25 11:48:10 ygc-kdc-master05.example.com kadmind[18654](Notice):
Request: kadm5_get_principals, *, success, client=root/admin@EXAMPLE.COM,
service=kadmin/admin@EXAMPLE.COM, addr=10.76.50.109
Mar 25 11:48:21 ygc-kdc-master05.example.com kadmind[18654](Notice):
Request: kadm5_get_principals, *, success, client=root/admin@EXAMPLE.COM,
service=kadmin/admin@EXAMPLE.COM, addr=10.76.50.109
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error):
check_rpcsec_auth: failed inquire_context, stat=786432
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
Authentication attempt failed: 10.76.50.109, GSS-API error strings are:
*Mar 25 11:53:27 ygc-kdc-master05.example.com
<http://ygc-kdc-master05.example.com> kadmind[18654](Notice): The
referenced context has expired*
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
Unknown code 0
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
GSS-API error strings complete.
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error):
Authentication attempt failed: 10.76.50.109, RPC authentication flavor 6
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error):
check_rpcsec_auth: failed inquire_context, stat=786432
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
Authentication attempt failed: 10.76.50.109, GSS-API error strings are:
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
The referenced context has expired
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
Unknown code 0
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
GSS-API error strings complete.
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error):
Authentication attempt failed: 10.76.50.109, RPC authentication flavor 6
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error):
check_rpcsec_auth: failed inquire_context, stat=786432
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
Authentication attempt failed: 10.76.50.109, GSS-API error strings are:
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
The referenced context has expired
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
Unknown code 0
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
GSS-API error strings complete.
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error):
Authentication attempt failed: 10.76.50.109, RPC authentication flavor 6
---------------
Do I miss something here?
Thanks for any ideas!
Yegui Cai
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
