KDC TGS_REQ ticket expired log message has no client or server info
Chris Hecker
checker at d6.com
Thu Jul 28 05:45:35 EDT 2011
A typical failed TGS_REQ for an expired ticket looks like this:
    Jul 28 04:28:17 example.com krb5kdc[14031](info): TGS_REQ (1 etypes {18}) 1.1.1.1: PROCESS_TGS: authtime 0, <unknown client> for <unknown server>, Ticket expired
This is slightly less than useful for finding which client is submitting
expired TGTs.
rd_req_decoded_opt computes the enc_part2->client, but then immediately
toasts it on error out.
It's pretty deep down so I guess it'd be a pain to fix, but it's a
shame, since the information for a good error is computed, it's just
thrown away too early.
Thoughts?
Chris
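
Added example (not part of the original message and not MIT krb5 code): since the failure line carries only the source address, one log-side workaround is to correlate each "Ticket expired" TGS_REQ with principals that were earlier issued a TGT from the same address. The AS_REQ sample lines, principals, and addresses 2.2.2.2 and 3.3.3.3 are constructed, and the AS_REQ layout is assumed to match the TGS_REQ line quoted above; shared or NATed addresses make the result a list of candidates, not an identification.

```python
import re
from collections import defaultdict

# Constructed sample lines in krb5kdc log layout; addresses and principals are made up.
SAMPLE_LOG = """\
Jul 28 04:20:01 example.com krb5kdc[14031](info): AS_REQ (1 etypes {18}) 1.1.1.1: ISSUE: authtime 1311841201, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Jul 28 04:21:09 example.com krb5kdc[14031](info): AS_REQ (1 etypes {18}) 2.2.2.2: ISSUE: authtime 1311841269, etypes {rep=18 tkt=18 ses=18}, bob@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Jul 28 04:28:17 example.com krb5kdc[14031](info): TGS_REQ (1 etypes {18}) 1.1.1.1: PROCESS_TGS: authtime 0, <unknown client> for <unknown server>, Ticket expired
Jul 28 04:28:19 example.com krb5kdc[14031](info): TGS_REQ (1 etypes {18}) 1.1.1.1: PROCESS_TGS: authtime 0, <unknown client> for <unknown server>, Ticket expired
Jul 28 04:30:00 example.com krb5kdc[14031](info): TGS_REQ (1 etypes {18}) 3.3.3.3: PROCESS_TGS: authtime 0, <unknown client> for <unknown server>, Ticket expired
"""

# Assumed layout: "<req> (<n> etypes {...}) <addr>: <STATUS>: authtime <n>, <rest>"
LINE = re.compile(
    r"krb5kdc\[\d+\]\(\w+\): (?P<req>AS_REQ|TGS_REQ) \(\d+ etypes \{[^}]*\}\) "
    r"(?P<addr>\S+): (?P<status>[A-Z_]+): authtime \d+, (?P<rest>.*)$"
)
CLIENT = re.compile(r"(?P<client>[^\s,]+) for \S+$")


def expired_tgt_sources(log_text):
    """Return {addr: {"count": n, "candidates": sorted principals}}.

    Lines are processed in order, so candidates are only principals that
    were issued a TGT from that address before the failure was logged.
    """
    seen = defaultdict(set)  # addr -> principals issued a TGT from there
    report = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        addr, rest = m["addr"], m["rest"]
        if m["req"] == "AS_REQ" and m["status"] == "ISSUE":
            c = CLIENT.search(rest)
            if c:
                seen[addr].add(c["client"])
        elif m["status"] == "PROCESS_TGS" and rest.endswith("Ticket expired"):
            entry = report.setdefault(addr, {"count": 0, "candidates": set()})
            entry["count"] += 1
            entry["candidates"] |= seen[addr]
    return {a: {"count": e["count"], "candidates": sorted(e["candidates"])}
            for a, e in report.items()}
```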