[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

date/time problem in Kerberos???



This seems downright weird!!!

Heimdal 0.2l. (I apologize if this has already been fixed).


The keys look valid:

[552] [lyell:bmay] ~/cvswork >klist -v
Credentials cache: FILE:/tmp/krb5cc_3752
        Principal: bam@CHOCBIT.ORG.AU
    Cache version: 4

Server: krbtgt/CHOCBIT.ORG.AU@CHOCBIT.ORG.AU
Ticket etype: des-cbc-md5, kvno 1
Auth time:  Feb  3 14:07:26 2000
End time:   Feb  4 00:07:21 2000
Ticket flags: initial
Addresses: IPv4:130.194.64.41

Server: host/snoopy.apana.org.au@CHOCBIT.ORG.AU
Ticket etype: des3-cbc-sha1, kvno 1
Auth time:  Feb  3 14:07:26 2000
Start time: Feb  3 14:08:40 2000
End time:   Feb  4 00:07:21 2000
Ticket flags: 
Addresses: IPv4:130.194.64.41

But kerberos says ticket not valid:

[562] [lyell:bmay] ~/cvswork/phdpaper3/phdtex >telnet snoopy.apana.org.au
Encryption is verbose
Trying 202.12.87.129...
Connected to snoopy.apana.org.au.
Escape character is '^]'.
[ Trying mutual KERBEROS5 ... ]
Kerberos V5: mk_req failed (Ticket not yet valid)
[ Trying KERBEROS5 ... ]
Kerberos V5: mk_req failed (Ticket not yet valid)
Debian GNU/%s potato %h

[563] [lyell:bmay] ~/cvswork/phdpaper3/phdtex >date
Thu Feb  3 16:19:25 EST 2000

I don't have time to investigate this right now (and trusting my
luck it may not happen again ;-) ).

My guess though, is Kerberos is looking at the end time (00 hours)
and getting confused because this is before the start time (14 hours),
without realizing the date is different.

It could be just an bad error message, too. For instance when I try to
log in now, I get the error Clock skew too great, which is strange as
everything is ntp based. Better check on that.
-- 
Brian May <bmay@csse.monash.edu.au>