[2907] in Kerberos
Problem with hashing algorithm?
daemon@ATHENA.MIT.EDU (Davies)
Tue Nov 23 13:51:35 1993
From: bbh7rqj@if000353.bell-atl.com (Davies)
To: kerberos@MIT.EDU
Date: Tue, 23 Nov 93 13:33:35 EST
Cc: jim@if000353.bell-atl.com
Reply-To: cdavies@remen.bell-atl.com
> We have a Version 4 database that is rapidly growing in size (up
> to about 4180 principals right now). Recently I noticed that one
> particular principal that was just added cannot get a ticket granting
> ticket. I believe this may be an error somewhere in the way the
> hashing algorithm is working as principals are stored or looked up
> in the database. Is this a fair assumption? Has anyone else experienced
> similar behavior?
After further investigation I was quite surprised to find that the
principal in question was in fact expired! I never thought to investigate
this because we don't explicitly expire principals and the default
is 1999. I still am unsure of how the expiration happened however.
The "Principal expired" error was not displayed upon login because
we run a different version of login which only displays "login incorrect".
Chris.
--
*******************************************************************************
Chris Davies e-mail: Christopher.I.Davies@bell-atl.com
Bell Atlantic Voice: (301) 989-4111
Fax: (301) 989-3945
******************************************************************************
