Admin ticket expiry does not expire consistently

Yegui Cai caiyegui at gmail.com
Mon Mar 25 12:01:13 EDT 2019


Hi all.
I am running KDC 1.16.3.
The admin tickets are not expired consistently. In the following kadmin
snippet, the max_life was set to 5s, max_renewable_life is 0.

---------------
*Mar 25 11:45:09 ygc-kdc-master05.example.com
<http://ygc-kdc-master05.example.com> kadmind[18654](Notice): Request:
kadm5_init, root/admin at EXAMPLE.COM <admin at EXAMPLE.COM>, success,
client=root/admin at EXAMPLE.COM <admin at EXAMPLE.COM>,
service=kadmin/admin at EXAMPLE.COM <admin at EXAMPLE.COM>, addr=10.76.50.109,
vers=4, flavor=6*
*Mar 25 11:45:46 ygc-kdc-master05.example.com
<http://ygc-kdc-master05.example.com> kadmind[18654](Notice): Request:
kadm5_get_principals, *, success, client=root/admin at EXAMPLE.COM
<admin at EXAMPLE.COM>, service=kadmin/admin at EXAMPLE.COM <admin at EXAMPLE.COM>,
addr=10.76.50.109*
Mar 25 11:48:10 ygc-kdc-master05.example.com kadmind[18654](Notice):
Request: kadm5_get_principals, *, success, client=root/admin at EXAMPLE.COM,
service=kadmin/admin at EXAMPLE.COM, addr=10.76.50.109
Mar 25 11:48:21 ygc-kdc-master05.example.com kadmind[18654](Notice):
Request: kadm5_get_principals, *, success, client=root/admin at EXAMPLE.COM,
service=kadmin/admin at EXAMPLE.COM, addr=10.76.50.109
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error):
check_rpcsec_auth: failed inquire_context, stat=786432
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
Authentication attempt failed: 10.76.50.109, GSS-API error strings are:
*Mar 25 11:53:27 ygc-kdc-master05.example.com
<http://ygc-kdc-master05.example.com> kadmind[18654](Notice):     The
referenced context has expired*
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
 Unknown code 0
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
GSS-API error strings complete.
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error):
Authentication attempt failed: 10.76.50.109, RPC authentication flavor 6
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error):
check_rpcsec_auth: failed inquire_context, stat=786432
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
Authentication attempt failed: 10.76.50.109, GSS-API error strings are:
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
 The referenced context has expired
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
 Unknown code 0
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
GSS-API error strings complete.
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error):
Authentication attempt failed: 10.76.50.109, RPC authentication flavor 6
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error):
check_rpcsec_auth: failed inquire_context, stat=786432
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
Authentication attempt failed: 10.76.50.109, GSS-API error strings are:
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
 The referenced context has expired
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
 Unknown code 0
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice):
GSS-API error strings complete.
Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error):
Authentication attempt failed: 10.76.50.109, RPC authentication flavor 6
---------------
Do I miss something here?
Thanks for any ideas!
Yegui Cai


More information about the Kerberos mailing list