Strange klist output, missing realm in service principal name
Andreas Ntaflos
daff at pseudoterminal.org
Fri Dec 17 00:01:28 EST 2010
Hi all,
I am wondering what (if anything) is wrong with the following output
from klist. This is after authenticating against a kerberized Apache
server with Firefox and negotiation enabled:
$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: daff at EXAMPLE.COM
Valid starting Expires Service principal
12/17/10 05:47:13 12/17/10 15:47:13 krbtgt/EXAMPLE.COM at EXAMPLE.COM
renew until 12/18/10 05:50:05
12/17/10 05:47:45 12/17/10 15:47:13 HTTP/dev.example.com@
renew until 12/18/10 05:50:05
12/17/10 05:47:45 12/17/10 15:47:13 HTTP/dev.example.com at EXAMPLE.COM
renew until 12/18/10 05:50:05
Notice the first HTTP entry, the realm part after the "@" is missing. I
don't know for sure but this looks wrong to me. No example output of
klist I have ever seen when reading docs or googleing looked like this.
However, everything seems to be working fine, i.e. logging into the
website works without extra password prompts from the browser, as
expected.
Any ideas what, if anything, is the problem here?
Thanks,
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20101217/88fce52b/attachment.bin
More information about the Kerberos
mailing list