[7565] in Athena Bugs
Kerberos oddness...
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Tue May 14 18:31:34 1991
Date: Tue, 14 May 91 18:30:08 -0400
From: Ken Raeburn <Raeburn@Watch.Com>
To: bugs@MIT.EDU
I was logged in to lycus, reading discuss meetings. I ran "klist",
and found some odd results.
% klist
Ticket file: /tmp/tkt_ttyp0
Principal: raeburn@ATHENA.MIT.EDU
Issued Expires Principal
May 14 09:34:42 May 14 17:34:42 krbtgt.ATHENA.MIT.EDU@ATHENA.MIT.EDU
...
May 14 12:35:14 May 14 17:35:14 discuss.charon@ATHENA.MIT.EDU
May 14 12:35:20 May 14 17:35:20 krbtgt.LCS.MIT.EDU@ATHENA.MIT.EDU
May 14 12:35:21 May 14 17:35:21 discuss.melange@LCS.MIT.EDU
...
May 14 12:35:26 May 14 17:35:26 krbtgt.CATS.UCSC.EDU@ATHENA.MIT.EDU
May 14 12:35:26 May 14 20:35:26 discuss.ucscc@CATS.UCSC.EDU
May 14 12:35:34 May 14 17:35:34 discuss.achilles@ATHENA.MIT.EDU
According to this, my ticket to the ucscc discuss server is valid
three hours after my initial ticket-granting ticket, and my tgt for
the CATS realm. Seems to have given it a lifetime of exactly eight
hours from when it was issued, ignoring the expiration time that
should have been in there. As you can see, this didn't happen with
the LCS realm.
Jim Haynes said he hasn't done anything weird with the CATS Kerberos
server, but did point out that three hours is also the time zone
difference between MIT and UCSC; it shouldn't affect things, but a
"localtime" instead of "gmtime" in one place might do it...
