Spurious tickets when using DNS realm configuration
eagle at eyrie.org
Wed Jul 24 12:47:32 EDT 2019
Greg Hudson <ghudson at mit.edu> writes:
> On 7/24/19 2:13 AM, David Cross wrote:
>> Additionally on the kdc i see that it additionally requests the tgt again.
> The TGT or the service ticket? Regardless, I don't have a good
> explanation for that; I wouldn't expect there to be multiple TGS
> requests in a simple referral scenario. Getting KRB5_TRACE output might
> help determine what's going on.
Maybe David is seeing multiple AS_REQs from pre-auth? That usually gets
logged as two requests, one without the challenge (which will result in
"Additional pre-authentication required") and one with it.
Russ Allbery (eagle at eyrie.org) <http://www.eyrie.org/~eagle/>
More information about the krbdev