KDC TGS_REQ ticket expired log message has no client or server info
Greg Hudson
ghudson at MIT.EDU
Mon Aug 8 01:54:55 EDT 2011
On Thu, 2011-07-28 at 19:19 -0400, Chris Hecker wrote:
> Hmm, digging deeper, the krb5_rd_req_decoded(_anyflag) functions are in
> k5-int.h, and are only called from a couple places throughout all the
> code. I could easily have them leave client even on failure
I assume you mean krb5_rd_req_decoded would set the ticket output value
in cases where it decrypts and decodes successfully but doesn't
validate? I think that would be acceptable, and there even seems to be
KDC code to handle this case.
I think it would be possible to log the server name as well, since
that's just sitting in the request structure. I know that's less
interesting to you.
More information about the Kerberos
mailing list