[krbdev.mit.edu #6948] Funny klist output if you try to get credentials right when a ticket expires
Geoffrey Thomas via RT
rt-comment at krbdev.mit.edu
Mon Aug 22 20:46:26 EDT 2011
If you try to get credentials for a service shortly after a ticket
expires, klist shows that you get several copies of the service ticket in
your credential cache. (None of them work.)
I run into this fairly often with a 2-hour-lifetime ccache for my root
instance, when I'm logging into servers right around when the ticket
expires. I've also heard this happens reasonably often with zephyr/zephyr.
mega-man:~ geofft$ kinit -l1m
Password for geofft at ATHENA.MIT.EDU:
[wait a little more than one minute]
mega-man:~ geofft$ ssh athena.dialup
Password:
mega-man:~ geofft$ klist
Ticket cache: FILE:/tmp/cc
Default principal: geofft at ATHENA.MIT.EDU
Valid starting Expires Service principal
08/22/11 20:40:44 08/22/11 20:41:44 krbtgt/ATHENA.MIT.EDU at ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu at ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu at ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu at ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu at ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu at ATHENA.MIT.EDU
08/22/11 20:42:01 08/22/11 20:41:44 host/buzzword-bingo.mit.edu at ATHENA.MIT.EDU
--
Geoffrey Thomas
geofft at mit.edu
More information about the krb5-bugs
mailing list