[4698] in Athena Bugs
Re: /bin/tokens: false >> Expired <<
daemon@ATHENA.MIT.EDU (Richard Basch)
Thu Apr 5 17:23:03 1990
Date: Thu, 5 Apr 90 17:22:22 -0400
To: "Jonathan I. Kamens" <jik@PIT-MANAGER.MIT.EDU>
Cc: bug-afs@MIT.EDU, bugs@ATHENA.MIT.EDU, bug-kerberos@MIT.EDU
In-Reply-To: Jonathan I. Kamens's message of Sun, 25 Mar 90 18:55:42 -0500,
From: Richard Basch <probe@MIT.EDU>
Date: Sun, 25 Mar 90 18:55:42 -0500
From: "Jonathan I. Kamens" <jik@pit-manager.MIT.EDU>
Sender: jik@pit-manager.MIT.EDU
----- Forwarded message
Date: Fri, 23 Mar 90 17:07:44 -0500
From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
To: bugs@ATHENA.MIT.EDU
Subject: vax 6.4R: /bin/tokens
X-Us-Snail: MIT Room E40-300, 1 Amherst St., Cambridge, MA 02139 USA
System name: lycus
Type and version: CVAXSTAR 6.4R
Display type: SM
What were you trying to do?
play with 21-hour tickets.
What's wrong:
/bin/tokens displays an incorrect >> Expired << message for
tokens which are valid until tomorrow:
[{3}lycus:/afs/athena.mit.edu/astaff/project/krb5/src/lib/krb]
% tokens
Tokens held by the Cache Manager: (** marks primary identity)
[ 0] --End of list--
[{3}lycus:/afs/athena.mit.edu/astaff/project/krb5/src/lib/krb]
% klist
Ticket file: /tmp/tkt_5509_spare1
Principal: jtkohl@ATHENA.MIT.EDU
Issued Expires Principal
Mar 23 17:04:45 Mar 24 14:19:45 krbtgt.ATHENA.MIT.EDU@ATHENA.MIT.EDU
Mar 23 17:04:54 Mar 24 14:19:54 afs.athena.mit.edu@ATHENA.MIT.EDU
Mar 23 17:05:07 Mar 24 14:20:07 afs.sipb.mit.edu@ATHENA.MIT.EDU
[{3}lycus:/afs/athena.mit.edu/astaff/project/krb5/src/lib/krb]
% nfsid -cell athena.mit.edu
[{3}lycus:/afs/athena.mit.edu/astaff/project/krb5/src/lib/krb]
% tokens
Tokens held by the Cache Manager: (** marks primary identity)
[ 0] User ViceID=5509 for afs@athena.mit.edu [>> Expired <<]
[ 1] --End of list--
[{3}lycus:/afs/athena.mit.edu/astaff/project/krb5/src/lib/krb]
% where tokens
/bin/tokens
[{3}lycus:/afs/athena.mit.edu/astaff/project/krb5/src/lib/krb]
% where nfsid
/bin/athena/nfsid
[{3}lycus:/afs/athena.mit.edu/astaff/project/krb5/src/lib/krb]
%
What should have happened:
It should have printed the proper expiration date/time.
Please describe any relevant documentation references:
[Please replace this line with the appropriate description.]
----- End of forwarded message
Here is a transcript of what I did:
% kinit -l probe
(Entered a lifetime of 1000 minutes -- c.lifetime = 200)
% aklog -cell rel-eng.athena.mit.edu
% saber -lkrb -ldes
#include <des.h>
#include <krb.h>
CREDENTIALS c;
This software is licensed for use only at the
Massachusetts Institute of Technology
krb_get_cred("afs","rekrb_get_cred("afs","rel-eng.athAttaching: /lib/libc.a
enkrb_get_cred("afs","rel-eng.athena.mit.edu"Attaching: /usr/athena/lib/libkrb.a
,Attaching: /usr/athena/lib/libdes.a
1 -> "ATHENA.MIT#include <des.h>
.EDU"2 -> #include <krb.h>
.EDU", &3 -> CREDENTIALS c;
4 -> krb_get_cred("afs","rel-eng.athena.mit.edu","ATHENA.MIT.EDU", &c);
Linking from '/usr/athena/lib/libkrb.a' .... Linking completed.
Linking from '/lib/libc.a' .......... Linking completed.
(int) 0
5 -> c;
(struct credentials) =
{
char service[40] = 0x12a808 "afs";
char instance[40] = 0x12a830 "rel-eng.athena.mit.e"...;
char realm[40] = 0x12a858 "ATHENA.MIT.EDU";
unsigned char session[8] = 0x12a880 /* 0x12a888 */ =
{
[0] = (unsigned char) 0xdf,
[1] = (unsigned char) 0xad,
[2] = (unsigned char) 0xa7,
[3] = (unsigned char) 0xe,
[4] = (unsigned char) 0xa7,
[5] = (unsigned char) 0x80,
[6] = (unsigned char) 0x8f,
[7] = (unsigned char) 0x8,
};
int lifetime = -1;
. . .
Notice that the "lifetime" field of the credentials is -1. Thus the bug
is in kerberos, not AFS. The next question is what is in the ktext; I
did not check that out. I did change all (char lifetime) declarations
in AFS to (unsigned char) in the new AFS 3.0Beta2; there were only a
couple that were incorrect, but those were unrelated to the "tokens"
problem.
-Richard
