[12895] in Athena Bugs
sun4 7.7K: login/xlogin/kerberos tickets/aklog
daemon@ATHENA.MIT.EDU (Karen Walrath)
Tue Nov 15 16:37:15 1994
To: bugs@MIT.EDU
Date: Tue, 15 Nov 1994 16:37:02 EST
From: Karen Walrath <karen@MIT.EDU>
System name: lees2
Type and version: SPARC/Classic 7.7K (1 update(s) to same version)
Display type: cgthree
What were you trying to do?
log in multiple times to the sun.
What's wrong:
the kerberos tickets are getting confused.
What should have happened:
There are two problems here. The first involves multiple telnet sessions.
The second combines a telnet session with a login session from the monitor.
First problem:
Log into the sun via telnet. Type 'tokens'
Tokens held by the Cache Manager:
User's (AFS ID 578) tokens for afs@lees.mit.edu [Expires Nov 15 22:26]
User's (AFS ID 578) tokens for afs@net.mit.edu [Expires Nov 15 22:26]
User's (AFS ID 578) tokens for afs@athena.mit.edu [Expires Nov 15 22:26]
--End of list--
Log into the sun via telnet a second time. Type 'tokens'
Tokens held by the Cache Manager:
User's (AFS ID 578) tokens for afs@lees.mit.edu [Expires Nov 16 01:23]
User's (AFS ID 578) tokens for afs@net.mit.edu [Expires Nov 16 01:23]
User's (AFS ID 578) tokens for afs@athena.mit.edu [Expires Nov 16 01:23]
--End of list--
Go back to the first session. Type 'tokens'. Notice how the expiration
date has changed though it should not have.
Tokens held by the Cache Manager:
User's (AFS ID 578) tokens for afs@lees.mit.edu [Expires Nov 16 01:23]
User's (AFS ID 578) tokens for afs@net.mit.edu [Expires Nov 16 01:23]
User's (AFS ID 578) tokens for afs@athena.mit.edu [Expires Nov 16 01:23]
--End of list--
Type 'aklog -c lees' then 'tokens' again. Note that the "real" expiration
date hasn't changed, just what 'tokens' first reported.
Tokens held by the Cache Manager:
User's (AFS ID 578) tokens for afs@lees.mit.edu [Expires Nov 15 22:26]
User's (AFS ID 578) tokens for afs@net.mit.edu [Expires Nov 16 01:23]
User's (AFS ID 578) tokens for afs@athena.mit.edu [Expires Nov 16 01:23]
--End of list--
Go back to the second session and type 'tokens'. Oops. We now munged
this session's tickets. The real expiration time is 01:23, and would
be restored (again, in both sessions) by issuing the aklog command.
Tokens held by the Cache Manager:
User's (AFS ID 578) tokens for afs@lees.mit.edu [Expires Nov 15 22:26]
User's (AFS ID 578) tokens for afs@net.mit.edu [Expires Nov 16 01:23]
User's (AFS ID 578) tokens for afs@athena.mit.edu [Expires Nov 16 01:23]
--End of list--
These two sessions should have independent ticket files and shouldn't
be messing up the other session's tickets via the aklog command. This
exercise works fine on the decstations. There may be other problems
going on here too.
Second problem:
If the second session is from the monitor (via xlogin), when you log out
of the second session, ALL kerberos tickets get destroyed for that
user, including the ones from the first session.
From the terminal, type 'tokens'
Tokens held by the Cache Manager:
User's (AFS ID 578) tokens for afs@lees.mit.edu [Expires Nov 15 22:26]
User's (AFS ID 578) tokens for afs@net.mit.edu [Expires Nov 15 22:26]
User's (AFS ID 578) tokens for afs@athena.mit.edu [Expires Nov 15 22:26]
--End of list--
Log into the display. Type 'tokens'
Tokens held by the Cache Manager:
User's (AFS ID 578) tokens for afs@lees.mit.edu [Expires Nov 16 02:30]
User's (AFS ID 578) tokens for afs@net.mit.edu [Expires Nov 16 02:30]
User's (AFS ID 578) tokens for afs@athena.mit.edu [Expires Nov 16 02:30]
--End of list--
Log out of the display, type 'tokens' on the terminal.
Tokens held by the Cache Manager:
--End of list--
Gone!
