Ticket forwarding failure
Mike Dopheide
dopheide at ncsa.uiuc.edu
Mon May 22 17:30:40 EDT 2006
In my experience only your TGT will be forwarded, not every ticket in your
credentials cache. The tickets have your IP address encoded in them so
during the forwarding process you're actually getting a new TGT with the
IP address of the remote system you're telnetting into.
-Mike
> *NOW* what am I doing wrong? :) Why are my other
> tickets not being forwarded? MIT Kerberos 1.4.3
> telnet and telnetd in use.
>
> jblaine > klist -f
> Ticket cache: FILE:/tmp/krb5cc_p11561
> Default principal: jblaine at JBTEST
>
> Valid starting Expires Service principal
> 05/22/06 15:20:08 05/23/06 01:20:08 krbtgt/JBTEST at JBTEST
> renew until 05/22/06 15:20:08, Flags: FRI
> 05/22/06 15:22:03 05/23/06 01:20:08 host/noodle.foo.com at JBTEST
> renew until 05/22/06 15:20:08, Flags: FRT
> 05/22/06 15:22:20 05/23/06 01:20:08 afs/jbtest at JBTEST
> renew until 05/22/06 15:20:08, Flags: FRT
>
>
> Kerberos 4 ticket cache: /tmp/tkt26560
> klist: You have no tickets cached
>
> jblaine > telnet -a -F 192.168.168.3
> Trying 192.168.168.3...
> Connected to noodle.foo.com (192.168.168.3).
> Escape character is '^]'.
> [ Kerberos V5 accepts you as ``jblaine at JBTEST'' ]
> [ Kerberos V5 accepted forwarded credentials ]
> Last login: Mon May 22 15:22:03 from noodle
> Sun Microsystems Inc. SunOS 5.9 Generic May 2002
> jblaine > klist -f
> Ticket cache: FILE:/tmp/krb5cc_p11616
> Default principal: jblaine at JBTEST
>
> Valid starting Expires Service principal
> 05/22/06 15:22:28 05/23/06 01:20:08 krbtgt/JBTEST at JBTEST
> renew until 05/22/06 15:20:08, Flags: FfRT
>
>
> Kerberos 4 ticket cache: /tmp/tkt26560
> klist: You have no tickets cached
> jblaine >
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list