AS_REQ Return code 60 for principal expired?

Mike Friedman mikef at berkeley.edu
Thu Dec 11 15:54:23 EST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've been doing some testing of my programs that use the MIT API against a 
KDC running 1.6.1 on a Linux system.  On all prior systems where I've run 
a KDC, and according to the Kerberos docs, a principal expired condition 
should set a return code of 1.  But on this test system, it seems I'm 
getting back a 60, which the docs define as a 'generic error'.

Now, I realize I may very well have done something wrong in switching my 
environment (which I do by pointing to a different krb5.conf file and a 
different service keytab). When I point my same programs back to the 1.4.2 
production system, I do get the return code=1 that I expect.

When I unexpire the principal, authentication works correctly on the test 
system, just as it should.

Does anyone know of any reason I should get back a return code of 60, 
instead of 1, for an expired principal on 1.6.1?

Thanks.

Mike

_________________________________________________________________________
Mike Friedman                        Information Services & Technology
mikef at berkeley.edu                   2484 Shattuck Avenue
1-510-642-1410                       University of California at Berkeley
http://mikef.berkeley.edu            http://ist.berkeley.edu
_________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)

iEYEARECAAYFAklBff8ACgkQFgKSfLOvZ1Rf+QCdF5oVpwJHhajfbUZ773tOQGPq
DgAAn14YGwUbd8a/9F/5A+SD3tWV8FEw
=Rg4l
-----END PGP SIGNATURE-----



More information about the Kerberos mailing list