[32334] in Kerberos
Kerberos AS-REQ
daemon@ATHENA.MIT.EDU (Yang Li)
Fri May 14 10:38:49 2010
Message-ID: <BLU133-DS13E761976823D090A22DF7CEFD0@phx.gbl>
From: "Yang Li" <sharepointlink@hotmail.com>
To: <kerberos@mit.edu>
In-Reply-To: <4BEAE7E7.3060400@cbnco.com>
Date: Fri, 14 May 2010 10:38:29 -0400
MIME-Version: 1.0
Content-Language: en-us
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
When I run Kinit -S HTTP/server.domain. KDC returns with PRINCIAPL_UNKNOWN
error.
>From WireShark, I can see client makes a (KRB 5 )AS-REQ to KDC, but its
KDC_REQ_BODY has the server name (principal) as http/server.domain. is this
the right behavior? should client sends krbtgt/domain in its request to KDC
instead? My understanding is the purpose of AS-REQ is only to get TGT? can
someone help me understand this?
Thanks, -Yang
-----Original Message-----
From: Tom Parker [mailto:tparker@cbnco.com]
Sent: Wednesday, May 12, 2010 1:40 PM
To: Yang Li
Cc: 'Russ Allbery'; kerberos@mit.edu
Subject: Re: error message after kdestroy
klist should always fail after a kdestroy
kinit should work fine to get you a new TGT
On 05/12/2010 01:32 PM, Yang Li wrote:
> Thanks Russ for your response.
>
> What puzzle me is, this behavior is not consistent. Most of time, after
> kdestroy, either klist or kinit can still get TGT ticket, but i did get
the
> error message sometimes after kdestroy, is that odd?
>
> Thanks, -Yang
>
>
>
>
> -----Original Message-----
> From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf
> Of Russ Allbery
> Sent: Wednesday, May 12, 2010 12:43 PM
> To: kerberos@mit.edu
> Subject: Re: error message after kdestroy
>
> "Yang Li" <sharepointlink@hotmail.com> writes:
>
>
>> after kdestroy command, i get the following error message on any other
>> commands such as klist or kinit. Any idea?
>>
>
>> No credentials cache found while getting default ccache
>>
> Well... yes. kdestroy destroys the credential cache, so the other
> commands now no longer have a credential cache to work with. That's the
> whole point of kdestroy.
>
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
