ASN.1 failed call to system time library
Ken Hornstein
kenh at cmf.nrl.navy.mil
Wed May 28 14:31:47 EDT 2003
(Yes, this was a couple of weeks ago).
>Russ Allbery <rra at stanford.edu> writes:
>
>> We're seeing a regular trickle of these log messages from our KDCs. Is
>> this anything to worry about, or should we just ignore them?
>>
>> krb5kdc[3531]: ASN.1 failed call to system time library - while dispatching
>
>How odd. That indicates an error reported by our gmt_mktime routine,
>applied to the parsed ASN.1 time encoding sent by some client. If the
>client in question is using the MIT code, we'd certainly like to know
>about it. :-)
We get these occasionally as well. I tracked them down, once; in every
instance it was a Macintosh that had it's system time reset to the Macintosh
epoch, which is outside of the Unix time range, which producdes this error.
(Okay, I added patches to the KDC to log the IP address when the dispatch
system produces an error).
--Ken
More information about the Kerberos
mailing list