[krbdev.mit.edu #7910] krb5-1.12 logging incomplete (PROCESS_TGS - Ticket expired)
Richard Basch via RT
rt-comment at krbdev.mit.edu
Tue May 13 22:21:47 EDT 2014
When a TGT has expired but is presented to the KDC, the KDC will log:
<unknown client> for server_principal at REALM, Ticket expired.
Though patches have already been adopted to correct the service principal
logging (which was faulty in 1.11 & 1.12), the client principal is not
properly decoded/displayed, especially in the "expired ticket" case. This
can make diagnostics a little more challenging in some cases.
I don't have a quick fix yet.
To reproduce:
- Get a TGT
- Let it expire and then wait until after the "grace time"
- Attempt to get a service ticket (using TGS_REQ). I use "kvno" on
a Linux 5 system which is compiled against the 1.6 libraries (the 1.12 client
library detects that the ticket is already expired without ever sending the
request to the KDC).