klist shows same ticket multiple times
Ben H
bhendin at gmail.com
Fri Jun 27 18:25:34 EDT 2014
Thanks Greg..
So we are talking ms here I assume since all tickets have the same time
stamp down to the second?
Will the first ticket encountered be the one used...and does it matter?
Also, you say the ccache is append-only, and this appears to be the case
when requesting service tickets. It does seem however that if a TGT is
re-requested for a service principal, it wipes out the entire cache (so
current service tickets are lost). Is this expected behavior, or is the
application I am observing doing something to cause this?
On Tue, Jun 24, 2014 at 12:00 AM, Greg Hudson <ghudson at mit.edu> wrote:
> On 06/19/2014 01:25 PM, Ben H wrote:
> > However I am also seeing in some scenarios what appears to be the exact
> > same tickets (based on SPN, time, flags, and encryption type) listed
> > multiple times in my cache.
>
> This can happen when several processes all try to contact a service
> within a short time window using the same cache. Each process checks
> the cache for a service ticket, doesn't find it, gets a service ticket
> from the KDC, then adds the resulting ticket to the cache. Since the
> FILE ccache is append-only, all of the tickets land in the cache. It's
> not usually a problem, although in extreme cases it can cause
> performance issues.
>
More information about the Kerberos
mailing list