[krbdev.mit.edu #5603] NIM update inconsistencies when interacting with SecureCRT

Kevin Koch via RT rt at krbdev.mit.edu
Tue Sep 11 13:47:00 EDT 2007 

The post - 3.2.1 code changes eliminated most race-like symptoms, such 
as 5604, where an identity with deleted credentials still showed time 
remaining.  5603 remains unsolved and here is some more information:

After running SecureCRT, connecting to Athena and exitting, it is as 
if the first attempt to destroy credentials from the tray icon context 
menu is simply ignored.  A second destroy credentials operation 
succeeds.

Here are klist results from each point in the scenario:

1) Start of scenario - no credentials:
C:\Projects>klist
klist: No credentials cache found (ticket cache 
API:kpkoch at ATHENA.MIT.EDU)

2) After obtaining credentials:
C:\Projects>klist
Ticket cache: API:kpkoch at ATHENA.MIT.EDU
Default principal: kpkoch at ATHENA.MIT.EDU

Valid starting     Expires            Service principal
09/11/07 13:38:41  09/12/07 10:53:41  
krbtgt/ATHENA.MIT.EDU at ATHENA.MIT.EDU
        renew until 09/18/07 13:38:41
09/11/07 13:38:41  09/12/07 10:53:41  afs/athena.mit.edu at ATHENA.MIT.EDU
        renew until 09/18/07 13:38:41

3) After running SecureCRT, connecting to Athena and exitting:
C:\Projects>klist
Ticket cache: API:kpkoch at ATHENA.MIT.EDU
Default principal: kpkoch at ATHENA.MIT.EDU

Valid starting     Expires            Service principal
09/11/07 13:38:41  09/12/07 10:53:41  
krbtgt/ATHENA.MIT.EDU at ATHENA.MIT.EDU
        renew until 09/18/07 13:38:41
09/11/07 13:38:41  09/12/07 10:53:41  afs/athena.mit.edu at ATHENA.MIT.EDU
        renew until 09/18/07 13:38:41
09/11/07 13:39:08  09/12/07 10:53:41  host/home-on-the-
dome.mit.edu at ATHENA.MIT.EDU
        renew until 09/18/07 13:38:41

4) After destroying credentials from the tray icon context menu:
C:\Projects>klist
Ticket cache: API:kpkoch at ATHENA.MIT.EDU
Default principal: kpkoch at ATHENA.MIT.EDU

Valid starting     Expires            Service principal
09/11/07 13:38:41  09/12/07 10:53:41  
krbtgt/ATHENA.MIT.EDU at ATHENA.MIT.EDU
        renew until 09/18/07 13:38:41
09/11/07 13:39:08  09/12/07 10:53:41  host/home-on-the-
dome.mit.edu at ATHENA.MIT.EDU
        renew until 09/18/07 13:38:41

5) After destroying credentials from the tray icon context menu again:
C:\Projects>klist
klist: No credentials cache found (ticket cache 
API:kpkoch at ATHENA.MIT.EDU)

C:\Projects>

The problem does not happen if SecureCRT isn't run, as before.

I'm going to try stepping through the destroy code.

More information about the krb5-bugs mailing list