Kerberos Question = Stale Tickets
Jeffrey Altman
jaltman2 at nyc.rr.com
Wed Dec 28 00:42:55 EST 2005
The only thing I can assume is that the "stale" tickets are expired.
In other words, the current time is greater than the expiration time
of the ticket. In that case, in order to obtain a new Ticket Granting
Ticket for use in obtaining additional service tickets, the user or
process must authenticate to the KDC (in Windows the Active Directory
Domain Controller.) Multiple failed authentication attempts can result
in an account being marked as disabled according to the local domain
policy. However, an account will only be marked as disabled if the
user or process provides incorrect authentication data.
Jeffrey Altman
Brady, Ted wrote:
> We are implementing a conferencing platform for collaborative
> conferencing and ran into an issue with authentication. A small group of
> users were being challenged for domain authentication when trying to
> access the conferencing platform from their Outlook calendars. As they
> proceeded to enter their domain credentials there accounts were
> 'disabled'.
>
> The vendor supporting the implementation effort has explained that this
> behavior could be attributed to the Kereberos tickets becoming 'stale'
> due to a prolonged time period in which the domain controllers were not
> available.
>
> I would like to better understand this explanation and also understand
> what events could cause a ticket to become 'stale'.
>
> Any support you can provide would be appreciated.
>
>
>
> Thank you,
> Ted Brady
> JHU-APL
> ITSD / ITC-1
> Section Supervisor Voice Communications
> 240 228-0835 / 443 778-0835 Office
> 443 250-5220 Cell
> ted.brady at jhuapl.edu
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list