Facing slowness issue in kerberos authentication.

kannan rbk kannanrbk.r at gmail.com
Thu Nov 14 07:00:09 EST 2013


Dear Team,

I am using "kerberos 5" authentication in *Cent Os (6.4)*. I am facing
slowness issue in kerberos authentication. Here is the trace log of a
*kinit* operation , It took nearly a minute to authenticate.

[1404] 1384426591.426193: Getting initial credentials for
> bharathi at ZMEDIA.COM
> [1404] 1384426591.426401: Sending request (202 bytes) to ZMEDIA.COM
> [1404] 1384426591.427396: Resolving hostname bharathi.zmedia.com
> [1404] 1384426591.433685: Sending initial UDP request to dgram
> 172.168.5.29:88
> [1404] 1384426591.434785: Received answer from dgram 172.168.5.29:88
> [1404] 1384426601.446339: Response was not from master KDC
> [1404] 1384426601.446395: Received error from KDC: -1765328359/Additional
> pre-authentication required
> [1404] 1384426601.446437: Processing preauth types: 136, 19, 2, 133
> [1404] 1384426601.446450: Selected etype info: etype aes256-cts, salt
> "(null)", params ""
> [1404] 1384426601.446454: Received cookie: MIT
> [1404] 1384426622.457448: AS key obtained for encrypted timestamp:
> aes256-cts/35B5
> [1404] 1384426622.457495: Encrypted timestamp (for 1384426622.457460):
> plain 301AA011180F32303133313131343130353730325AA105020306FAF4, encrypted
> 8CD5FB95637CB5F65D226BA78944C57C13EA042D0D47AB8A4A5852C15683269997812737388D3E89B6D032A30CC150CCC113BDBB88F3207D
> [1404] 1384426622.457510: Preauth module encrypted_timestamp (2) (flags=1)
> returned: 0/Success
> [1404] 1384426622.457515: Produced preauth for next request: 133, 2
> [1404] 1384426622.457529: Sending request (297 bytes) to ZMEDIA.COM
> [1404] 1384426622.457552: Resolving hostname bharathi.zmedia.com
> [1404] 1384426622.457620: Sending initial UDP request to dgram
> 172.168.5.29:88
> [1404] 1384426622.494665: Received answer from dgram 172.168.5.29:88
> [1404] 1384426632.506162: Response was not from master KDC
> [1404] 1384426632.506215: Processing preauth types: 19
> [1404] 1384426632.506228: Selected etype info: etype aes256-cts, salt
> "(null)", params ""
> [1404] 1384426632.506237: Produced preauth for next request: (empty)
> [1404] 1384426632.506244: Salt derived from principal: ZMEDIA.COMbharathi
> [1404] 1384426632.506258: AS key determined by preauth: aes256-cts/35B5
> [1404] 1384426632.506339: Decrypted AS reply; session key is:
> aes256-cts/A30A
> [1404] 1384426632.506366: FAST negotiation: available
> [1404] 1384426632.506403: Initializing FILE:/tmp/krb5cc_0 with default
> princ bharathi at ZMEDIA.COM
> [1404] 1384426632.586689: Removing bharathi at ZMEDIA.COM -> krbtgt/
> ZMEDIA.COM at ZMEDIA.COM from FILE:/tmp/krb5cc_0
> [1404] 1384426632.586699: Storing bharathi at ZMEDIA.COM -> krbtgt/
> ZMEDIA.COM at ZMEDIA.COM in FILE:/tmp/krb5cc_0
> [1404] 1384426632.586761: Storing config in FILE:/tmp/krb5cc_0 for krbtgt/
> ZMEDIA.COM at ZMEDIA.COM: fast_avail: yes
> [1404] 1384426632.586780: Removing bharathi at ZMEDIA.COM ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/ZMEDIA.COM
> \@ZMEDIA.COM at X-CACHECONF: from FILE:/tmp/krb5cc_0
> [1404] 1384426632.586786: Storing bharathi at ZMEDIA.COM ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/ZMEDIA.COM
> \@ZMEDIA.COM at X-CACHECONF: in FILE:/tmp/krb5cc_0


Please help me to solve the problem. If you need any other information let
me know.

Regards,
Bharathikannan R


More information about the Kerberos mailing list