How to find out why credentials have expired
neelsmail@rediffmail.com
neelsmail at rediffmail.com
Wed May 14 11:53:01 EDT 2008
On May 14, 8:28 pm, Simo Sorce <sso... at redhat.com> wrote:
> On Wed, 2008-05-14 at 03:19 -0700, neelsm... at rediffmail.com wrote:
> > Hi,
>
> > I am using Kerberos 5 to authenticate an AD user from Linux RHEL 5.1
> > with NetworkManager installed. Every so often, a dialog box pops up
> > which asks for the credentials of the AD user. I wanted to know how
> > can I find out why and how his credentials have expired. Is there a
> > way to do that?
>
> It might be kerb_auth_dialog (a Red Hat helper package) popping up
> because your kerberos ticket is expired.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
Thank you _very_ much. Yes, it is krb5-auth-dialog. I have been
searching frantically for last couple of days why would it pop up.
When I do "kinit", klist (without any arguments) shows that krbtgt
ticket has been replaced by whatever host name I passed to kinit (with
-S option). When that happens, krb5-auth-dialog pops up. If I enter
correct password now, the ticket for host I sent to kinit gets
replaced again by krbtgt. Is that expected? The problem is it pops up
_everytime_. Is there a way to get around this behaviour? I tried
uninstalling NetworkManager, NetworkManager-gnome but that just makes
any commands after "kinit" fail with "Cannot find ticket for the
requested realm".
Thanks,
Neel.
More information about the Kerberos
mailing list