[3064] in Kerberos-V5-bugs
pending/709: [daemon@ATHENA.MIT.EDU : an kinit oddity]
daemon@ATHENA.MIT.EDU (Joseph Sokol-Margolis)
Tue Apr 6 12:36:07 1999
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: gnats-admin@rt-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, Joseph Sokol-Margolis <seph@MIT.EDU>
Date: Tue, 6 Apr 1999 12:35:01 -0400 (EDT)
From: Joseph Sokol-Margolis <seph@MIT.EDU>
To: krb5-bugs@MIT.EDU
>Number: 709
>Category: pending
>Synopsis: [daemon@ATHENA.MIT.EDU : an kinit oddity]
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Apr 06 12:36:00 EDT 1999
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
oops, mailed this to the wrong kerberos-bugs list. you might want to
usurp kerberos-bugs and bug-kerberos
------- Forwarded transaction
Subject: an kinit oddity
To: bugs@MIT.EDU, kerberos-bugs@MIT.EDU
Date: Tue, 06 Apr 1999 02:32:01 EDT
From: Joseph Sokol-Margolis <seph@MIT.EDU>
so, I noticed that when I kinit, for a lengthened ticket (-l1800m) I
get tickets in the future. then I aklog, and I get afs tickets with
the same expiration date.
However, if I kinit with the kinit in the krb5 locker, then use
krb524init (also from the krb5 locker, though I noticed this with the
athena one as well) to get krb4 tickets, then aklog, my afs tokens
expire in 10 hours (as opposed to 20 hours) this seems rather broken.
I don't know enough to track down any more of this bug. I asked about
it on -c sipb last night, and marc said "oh, I know the bug. the
ticket lifetime in the encrypted part of the ticket is wrong."
I wrote a short script to test this, it just runs the various
commands, and dumps klist output somewhere. it and klist output from a
couple of athena platforms is in /mit/seph/Public/krb-aklog.bug/
seph
--[16792]--
------- End forwarded transaction
