[krbdev.mit.edu #4222] GSSAPI context being destroyed when ticket cache renewed
Quanah Gibson-Mount via RT
rt-comment at krbdev.mit.edu
Wed Sep 6 18:07:43 EDT 2006
--On Wednesday, September 06, 2006 5:45 PM -0400 Jeffrey Altman via RT
<rt-comment at krbdev.mit.edu> wrote:
> Russ Allbery via RT wrote:
>
>>> Just to be clear, the problem happens when the ticket cache is
>>> refreshed. I.e., the tickets for the existing SASL/GSSAPI connection
>>> hadn't actually yet expired, just the ticket cache was refreshed with
>>> new tickets. I can understand why the SASL/GSSAPI context would be
>>> closed out on *expiration* but I think a refresh shouldn't have this
>>> effect. ;)
>
> If it is possible, can you post a stack trace at the point the context
> is deemed to be invalid?
>
> That would help a lot.
Hm, after going back through the thread, I can't tell specifically if it is
actually the refresh or the expiration that caused the problem, because the
user set it to a 5 minute ticket with a 4 minute refresh to demonstrate the
issue.
I myself do not use MIT kerberos for my OpenLDAP servers, so reproducing
this in my environment would take a bit of work. I'm currently lacking the
internal development environment where I'd usually test such things. :/
I can get in contact with the user who reported the issue, and see what
additional data they can gather, if you like.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
More information about the krb5-bugs
mailing list