Client keytab ignored when CC has expired
Michael Osipov
1983-01-06 at gmx.net
Tue Jul 29 16:50:56 EDT 2014
Hi,
my application tries to acquire a GSS credential with a client keytab:
$ KRB_CLIENT_KTNAME=$HOME/client.keytab app
No credential is obtained. At that time, the credential was already
expired. I turned on KRB5_DEBUG and saw that the KRB5 lib checks the
credential cache and stops right there. It does not detect that it has
expired and does not use the client keytab to inquire for a new TGT.
I can provide an obfuscated logfile if necessary.
In my opinion, that is a bug and defeats the entire purpose of the
client keytab.
We do use MIT Kerberos 1.12.1 on HP-UX 11.31.
Michael
More information about the Kerberos
mailing list