[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: re-requests of expired keys.
I should note that this is with Heimdal 0.6.3, tested on both Solaris and
NetBSD.
-- Ragge
On Wed, 04 May 2005 12:07:02 +0200 Anders Magnusson wrote:
>
> I have an annoying problem: expired tickets do not get re-requested even if
> the tgt is not expired. For example; if the ccache contains this:
>
> ulrik.dc.luth.se:/home/ragge >klist
> Credentials cache: FILE:/tmp/krb5cc_30
> Principal: ragge@LTU.SE
>
> Issued Expires Principal
> May 3 13:59:48 May 3 23:58:32 krbtgt/LTU.SE@LTU.SE
> May 3 13:59:48 May 3 23:58:32 krbtgt/LTU.SE@LTU.SE
> May 3 14:01:06 >>>Expired<<< host/osiris.dc.ltu.se@LTU.SE
>
> then I can't get kerberos to work when trying to connect to osiris. OpenSSH 4
> -v says:
>
> ...
> debug1: Next authentication method: gssapi-with-mic
> debug1: Delegating credentials
> debug1: The context has expired
> Undefined error: 0
> ...
>
> and telnet says the same:
>
> ulrik.dc.luth.se:/home/ragge >telnet osiris
> Trying 130.240.112.182...
> Connected to osiris.dc.ltu.se.
> Escape character is '^]'.
> [ Trying KERBEROS5 ... ]
> [ Kerberos V5 refuses authentication because Read req failed: Ticket expired ]
> [ Trying KERBEROS5 ... ]
> [ Kerberos V5 refuses authentication because Read req failed: Ticket expired ]
>
> Shouldn't the expired ticket get re-requested?
>
> -- Ragge
>
>