What is kinit waiting for?

Wang Weijun weijun.wang at oracle.com
Mon Dec 14 03:50:51 EST 2015


I just wrote a tiny KDC for testing purposes and ran kinit on it.

$ kinit foo
[12207] 1450082323.957803: Getting initial credentials for foo@R
[12207] 1450082323.958526: Sending request (147 bytes) to R
[12207] 1450082323.958639: Resolving hostname 127.0.0.1
[12207] 1450082323.959392: Sending initial UDP request to dgram 127.0.0.1:9090
[12207] 1450082324.188447: Received answer (645 bytes) from dgram 127.0.0.1:9090
[12207] 1450082384.195594: Response was not from master KDC
[12207] 1450082384.195756: Processing preauth types: 19
[12207] 1450082384.195807: Selected etype info: etype aes256-cts-sha384, salt "Rfoo", params ""
[12207] 1450082384.195831: Produced preauth for next request: (empty)
[12207] 1450082384.195841: Getting AS key, salt "Rfoo", params ""
Password for foo@R:
[12207] 1450082387.600164: AS key obtained from gak_fct: aes256-cts-sha384/EC01
[12207] 1450082387.600252: Decrypted AS reply; session key is: aes256-cts/B712
[12207] 1450082387.600257: FAST negotiation: unavailable
[12207] 1450082387.600279: Initializing FILE:/tmp/krb5cc_K1 with default princ foo@R
[12207] 1450082387.600564: Storing foo@R -> krbtgt/R@R in FILE:/tmp/krb5cc_K1
Warning: Your password will expire in 23 hours on Tue Dec 15 16:38:44 2015

As you can see, after "Received answer (645 bytes) from dgram 127.0.0.1:9090", the tool waited for another 1 minute and printed out "Response was not from master KDC". What does this mean? The krb5.conf is simply:

[libdefaults]
default_realm = R
forwardable = true

[realms]
R = {
    kdc = 127.0.0.1:9090
}

The KDC does not understand any PREAUTH header. Could that be the reason?

Thanks
Max
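
Added example, not part of the original post: a small Python helper that reads a trace in the format shown above and reports where the time went, separating silent stalls from gaps that span a prompt. The function name `find_stalls`, the one-second threshold and the abridged sample are assumptions made for this illustration; it assumes a single-process trace.

```python
import re
from decimal import Decimal

# Constructed sample: lines taken from the trace in the post
# (the list archive renders '@' as ' at ').
SAMPLE_TRACE = """\
[12207] 1450082323.958526: Sending request (147 bytes) to R
[12207] 1450082323.959392: Sending initial UDP request to dgram 127.0.0.1:9090
[12207] 1450082324.188447: Received answer (645 bytes) from dgram 127.0.0.1:9090
[12207] 1450082384.195594: Response was not from master KDC
[12207] 1450082384.195841: Getting AS key, salt "Rfoo", params ""
Password for foo@R:
[12207] 1450082387.600164: AS key obtained from gak_fct: aes256-cts-sha384/EC01
"""

# "[pid] seconds.microseconds: message"
TRACE_LINE = re.compile(r"^\[(\d+)\] (\d+\.\d+): (.*)$")

def find_stalls(text, threshold=Decimal("1")):
    """Return gaps longer than `threshold` seconds between consecutive
    trace lines, longest first. `interactive` is True when non-trace
    output (such as a password prompt) appeared inside the gap."""
    stalls = []
    prev = None          # (timestamp, message) of the previous trace line
    interleaved = False  # non-trace output seen since the previous trace line
    for line in text.splitlines():
        m = TRACE_LINE.match(line.strip())
        if not m:
            interleaved = interleaved or bool(line.strip())
            continue
        # Decimal keeps the microsecond timestamps exact.
        ts, msg = Decimal(m.group(2)), m.group(3)
        if prev is not None and ts - prev[0] > threshold:
            stalls.append({"gap": ts - prev[0], "after": prev[1],
                           "before": msg, "interactive": interleaved})
        prev, interleaved = (ts, msg), False
    return sorted(stalls, key=lambda s: s["gap"], reverse=True)

if __name__ == "__main__":
    for s in find_stalls(SAMPLE_TRACE):
        kind = "prompt" if s["interactive"] else "silent"
        print(f'{s["gap"]}s ({kind}) between "{s["after"]}" and "{s["before"]}"')
```
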
 

