[743] in Kerberos-V5-bugs
Expired ticket messages
daemon@ATHENA.MIT.EDU (Joe Ramus)
Wed Sep 14 12:27:21 1994
Date: Wed, 14 Sep 94 09:26:49 PDT
From: ramus@nersc.gov (Joe Ramus)
To: krb5-bugs@MIT.EDU, auth-pilot@es.net
In some cases, attempting to use an expired ticket will give an error
message so the user knows the reason for failure. In other cases,
it just fails quietly & the user is left to wonder what happened.
I noted this with telnet when attempting an authenticated login.
In one case, I needed to get a service ticket but that failed because
my TGT was expired. There was no error message, just a password
request.
In another case, I already had a service ticket for the target host
but it was expired. This gave an informative error message.
Here are the examples:
{East2:62} klist
Ticket cache: /users/ramus/tickets/ESnet.osi-east2
Default principal: ramus@ES.NET
Valid starting Expires Service principal
12-Sep-94 16:32:20 13-Sep-94 00:32:07 krbtgt/ES.NET@ES.NET
12-Sep-94 16:33:46 13-Sep-94 00:32:07 krbtgt/NERSC.GOV@ES.NET
12-Sep-94 16:33:47 13-Sep-94 00:32:07 host/grouse.nersc.gov@NERSC.GOV
{East2:63} telnet -a osi-east2.es.net 766
Trying 128.55.32.35...
Connected to osi-east2.es.net.
Escape character is '^]'.
password:
Login incorrect
login:
login: Connection closed by foreign host.
{East2:64} telnet -a grouse.nersc.gov 766
Trying 128.55.184.162...
Connected to grouse.nersc.gov.
Escape character is '^]'.
[ Kerberos V5 refuses authentication because Read req failed: Ticket expired ]
password:
Login incorrect
login:
login: Connection closed by foreign host.
----------------------------------------------------------------
| Joe Ramus NERSC Livermore (510) 423-8917 ramus@nersc.gov |
----------------------------------------------------------------
