Strange klist output, missing realm in service principal name
Andreas Ntaflos
daff at pseudoterminal.org
Fri Dec 17 14:02:03 EST 2010
On Friday 17 December 2010 06:36:45 Greg Hudson wrote:
> On Fri, 2010-12-17 at 00:01 -0500, Andreas Ntaflos wrote:
> > Notice the first HTTP entry, the realm part after the "@" is
> > missing. I don't know for sure but this looks wrong to me.
>
> This is an artifact of the way host referrals were introduced in krb5
> 1.6.
[...]
> Two cache entries are created, one with the empty realm and one with
> the realm we actually got credentials in. This is so we don't have
> to perform a referral request a second time.
Thank you very much for this excellent explanation!
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20101217/39c7fad4/attachment.bin
More information about the Kerberos
mailing list