[36227] in Kerberos
Re: klist shows same ticket multiple times
daemon@ATHENA.MIT.EDU (Ben H)
Fri Jun 27 18:25:47 2014
MIME-Version: 1.0
In-Reply-To: <53A905F3.9070703@mit.edu>
Date: Fri, 27 Jun 2014 17:25:34 -0500
Message-ID: <CAAd7auZpqprNYrJv9V4j=Yfeirrte_yD+4ZtU-2As7Zj_1sNxQ@mail.gmail.com>
From: Ben H <bhendin@gmail.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Thanks Greg..
So we are talking ms here I assume since all tickets have the same time
stamp down to the second?
Will the first ticket encountered be the one used...and does it matter?
Also, you say the ccache is append-only, and this appears to be the case
when requesting service tickets. It does seem however that if a TGT is
re-requested for a service principal, it wipes out the entire cache (so
current service tickets are lost). Is this expected behavior, or is the
application I am observing doing something to cause this?
On Tue, Jun 24, 2014 at 12:00 AM, Greg Hudson <ghudson@mit.edu> wrote:
> On 06/19/2014 01:25 PM, Ben H wrote:
> > However I am also seeing in some scenarios what appears to be the exact
> > same tickets (based on SPN, time, flags, and encryption type) listed
> > multiple times in my cache.
>
> This can happen when several processes all try to contact a service
> within a short time window using the same cache. Each process checks
> the cache for a service ticket, doesn't find it, gets a service ticket
> from the KDC, then adds the resulting ticket to the cache. Since the
> FILE ccache is append-only, all of the tickets land in the cache. It's
> not usually a problem, although in extreme cases it can cause
> performance issues.
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
