[36700] in Kerberos
Behaviour of krb5 1.12
daemon@ATHENA.MIT.EDU (Markus Moeller)
Fri Jan 2 17:36:35 2015
To: kerberos@mit.edu
From: "Markus Moeller" <huaraz@moeller.plus.com>
Date: Fri, 2 Jan 2015 22:35:53 -0000
Message-ID: <m876ge$sq1$1@ger.gmane.org>
Mime-Version: 1.0
X-Complaints-To: usenet@ger.gmane.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
I lately changed from krb5 1.10 on OpenSuse 12.3 to krb5 1.12 on OpenSuse
13.2 and wonder what is happening
I login as one user and use my kerberised application , switch to a second
user and use the application again, but the credentials from the first user
are used.
# kinit
Password for markus@SUSE.HOME:
# klist -e
Ticket cache: DIR::/run/user/1000/krb5cc/tkt
Default principal: markus@SUSE.HOME
Valid starting Expires Service principal
02/01/15 22:23:54 03/01/15 08:23:54 krbtgt/SUSE.HOME@SUSE.HOME
renew until 03/01/15 22:23:54, Etype (skey, tkt): arcfour-hmac,
arcfour-hmac
# /opt/dante/bin/socksify wget -O /tmp/tmp.out http://www.test.com
# klist -e
Ticket cache: DIR::/run/user/1000/krb5cc/tkt
Default principal: markus@SUSE.HOME
Valid starting Expires Service principal
02/01/15 22:23:54 03/01/15 08:23:54 krbtgt/SUSE.HOME@SUSE.HOME
renew until 03/01/15 22:23:54, Etype (skey, tkt): arcfour-hmac,
arcfour-hmac
02/01/15 22:25:23 03/01/15 08:23:54 rcmd/opensuse13.suse.home@SUSE.HOME
renew until 03/01/15 22:23:54, Etype (skey, tkt): arcfour-hmac,
arcfour-hmac
Change user:
# kinit mm@WIN2003R2.HOME
Password for mm@WIN2003R2.HOME:
# klist -e
Ticket cache: DIR::/run/user/1000/krb5cc/tkt3a1A8Y
Default principal: mm@WIN2003R2.HOME
Valid starting Expires Service principal
02/01/15 22:30:51 03/01/15 08:30:51 krbtgt/WIN2003R2.HOME@WIN2003R2.HOME
renew until 03/01/15 22:30:44, Etype (skey, tkt): arcfour-hmac,
arcfour-hmac
# /opt/dante/bin/socksify wget -O /tmp/tmp.out http://www.test.com
# klist -e
Ticket cache: DIR::/run/user/1000/krb5cc/tkt3a1A8Y
Default principal: mm@WIN2003R2.HOME
Valid starting Expires Service principal
02/01/15 22:30:51 03/01/15 08:30:51 krbtgt/WIN2003R2.HOME@WIN2003R2.HOME
renew until 03/01/15 22:30:44, Etype (skey, tkt): arcfour-hmac,
arcfour-hmac
I see no service principal and looking at the cache directory I see
ls -ltr /run/user/1000/krb5cc/
total 16
-rw------- 1 markus users 4 Jan 2 22:00 tktrFbVvG
-rw------- 1 markus users 1163 Jan 2 22:25 tkt
-rw------- 1 markus users 1280 Jan 2 22:30 tkt3a1A8Y
-rw------- 1 markus users 10 Jan 2 22:30 primary
and it looks like the client used the tkt file.
# klist -e -c /run/user/1000/krb5cc/tkt
Ticket cache: FILE:/run/user/1000/krb5cc/tkt
Default principal: markus@SUSE.HOME
Valid starting Expires Service principal
02/01/15 22:23:54 03/01/15 08:23:54 krbtgt/SUSE.HOME@SUSE.HOME
renew until 03/01/15 22:23:54, Etype (skey, tkt): arcfour-hmac,
arcfour-hmac
02/01/15 22:25:23 03/01/15 08:23:54 rcmd/opensuse13.suse.home@SUSE.HOME
renew until 03/01/15 22:23:54, Etype (skey, tkt): arcfour-hmac,
arcfour-hmac
How do I switch/delete it ? kdestroy doesn't
# kdestroy
# ls -ltr /run/user/1000/krb5cc/
total 12
-rw------- 1 markus users 4 Jan 2 22:00 tktrFbVvG
-rw------- 1 markus users 1163 Jan 2 22:25 tkt
-rw------- 1 markus users 10 Jan 2 22:30 primary
Is this a new expected behaviour ?
Thank you
Markus
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
