[30520] in Kerberos
AS_REQ Return code 60 for principal expired?
daemon@ATHENA.MIT.EDU (Mike Friedman)
Thu Dec 11 15:56:08 2008
Date: Thu, 11 Dec 2008 12:54:23 -0800 (PST)
From: Mike Friedman <mikef@berkeley.edu>
To: MIT Kerberos Mailing List <kerberos@mit.edu>
Message-ID: <alpine.BSF.1.10.0812111239030.81298@brillig.security.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've been doing some testing of my programs that use the MIT API against a
KDC running 1.6.1 on a Linux system. On all prior systems where I've run
a KDC, and according to the Kerberos docs, a principal expired condition
should set a return code of 1. But on this test system, it seems I'm
getting back a 60, which the docs define as a 'generic error'.
Now, I realize I may very well have done something wrong in switching my
environment (which I do by pointing to a different krb5.conf file and a
different service keytab). When I point my same programs back to the 1.4.2
production system, I do get the return code=1 that I expect.
When I unexpire the principal, authentication works correctly on the test
system, just as it should.
Does anyone know of any reason I should get back a return code of 60,
instead of 1, for an expired principal on 1.6.1?
Thanks.
Mike
_________________________________________________________________________
Mike Friedman Information Services & Technology
mikef@berkeley.edu 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://mikef.berkeley.edu http://ist.berkeley.edu
_________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iEYEARECAAYFAklBff8ACgkQFgKSfLOvZ1Rf+QCdF5oVpwJHhajfbUZ773tOQGPq
DgAAn14YGwUbd8a/9F/5A+SD3tWV8FEw
=Rg4l
-----END PGP SIGNATURE-----
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
