Excessive TGS_REQ krbtgt/REALM@REALM (Possible misbehaviour in NetidMgr)
Russ Allbery
rra at stanford.edu
Tue Jul 6 22:50:48 EDT 2010
Michael van Dijk <pavlovski at gmail.com> writes:
> Now for the possible 'misbehaviour'
> Repeating the same actions (making an SSH connection from kerberized SSH
> client to kerberized SSH server) from 'Linux Slackware client A' to
> 'Linux Slackware SSH server A' generates a TGS_REQ for
> krbtgt/REALM at REALM every time a new SSH connection is initiated to
> 'Linux Slackware SSH server A'. The same goes for SSH Putty connections
> from 'Windows XP client A' to 'Linux Slackware SSH server A'. Every new
> SSH connection generates another TGS_REQ for krbtgt/REALM at REALM.
> Can anybody explain me this behaviour ? Is it expected ?
It's probably because the client supports ticket forwarding. I suspect
the additional TGS-REQ is to obtain the krbtgt/REALM ticket that will be
forwarded to the remote host.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list