Strange klist output, missing realm in service principal name

Andreas Ntaflos daff at pseudoterminal.org
Fri Dec 17 00:01:28 EST 2010


Hi all, 

I am wondering what (if anything) is wrong with the following output 
from klist. This is after authenticating against a kerberized Apache 
server with Firefox and negotiation enabled:

$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: daff at EXAMPLE.COM

Valid starting     Expires            Service principal
12/17/10 05:47:13  12/17/10 15:47:13  krbtgt/EXAMPLE.COM at EXAMPLE.COM
        renew until 12/18/10 05:50:05
12/17/10 05:47:45  12/17/10 15:47:13  HTTP/dev.example.com@
        renew until 12/18/10 05:50:05
12/17/10 05:47:45  12/17/10 15:47:13  HTTP/dev.example.com at EXAMPLE.COM
        renew until 12/18/10 05:50:05

Notice the first HTTP entry, the realm part after the "@" is missing. I 
don't know for sure but this looks wrong to me. No example output of 
klist I have ever seen when reading docs or googleing looked like this. 
However, everything seems to be working fine, i.e. logging into the 
website works without extra password prompts from the browser, as 
expected. 

Any ideas what, if anything, is the problem here?

Thanks, 

Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20101217/88fce52b/attachment.bin


More information about the Kerberos mailing list