[prev in list] [next in list] [prev in thread] [next in thread]
List: krb5-bugs
Subject: Re: [krbdev.mit.edu #7650] Issue following client referral from AD
From: "Sumit Bose via RT" <rt-comment () krbdev ! mit ! edu>
Date: 2013-05-31 7:10:18
Message-ID: rt-7650-38689.18.9772233411618 () krbdev ! mit ! edu
[Download RAW message or body]
On Thu, May 30, 2013 at 11:42:24AM -0400, Greg Hudson via RT wrote:
> This is what we get for using in-out parameters. Please test
> https://github.com/greghudson/krb5/commits/usemaster (just the top
> commit) to see if it solves your problem. It's not easy for me to test
> since we don't natively generate AS referrals.
Thanks Greg, works like a charm:
# KRB5_TRACE=/dev/stdout KRB5_CONFIG=./krb5.conf KRB5CCNAME=FILE:./bla.ccfile kinit \
-C -E Administrator@SUBDOM.SUB [3265] 1369983085.77137: Getting initial credentials \
for Administrator\@SUBDOM.SUB@DOM1.FOO [3265] 1369983085.77752: Sending request (210 \
bytes) to DOM1.FOO [3265] 1369983085.80773: Resolving hostname ad1.dom1.foo.
[3265] 1369983085.83679: Sending initial UDP request to dgram 10.34.47.82:88
[3265] 1369983085.85482: Received answer from dgram 10.34.47.82:88
[3265] 1369983085.86999: Response was not from master KDC
[3265] 1369983085.87134: Received error from KDC: -1765328316/Realm not local to KDC
[3265] 1369983085.87217: Following referral to realm dom2.bar
[3265] 1369983085.87334: Sending request (210 bytes) to dom2.bar
[3265] 1369983085.88944: Resolving hostname ad2.dom2.bar.
[3265] 1369983085.98131: Sending initial UDP request to dgram 10.34.47.47:88
[3265] 1369983085.99132: Received answer from dgram 10.34.47.47:88
[3265] 1369983085.99970: Response was not from master KDC
[3265] 1369983085.100094: Received error from KDC: -1765328316/Realm not local to KDC
[3265] 1369983085.100165: Following referral to realm SUBDOM.SUB
[3265] 1369983085.100282: Sending request (214 bytes) to SUBDOM.SUB
[3265] 1369983085.102557: Resolving hostname adsub2.subdom.sub.
[3265] 1369983085.104183: Sending initial UDP request to dgram 10.34.47.53:88
[3265] 1369983085.106733: Received answer from dgram 10.34.47.53:88
[3265] 1369983085.112464: Response was not from master KDC
[3265] 1369983085.112584: Received error from KDC: -1765328359/Additional \
pre-authentication required [3265] 1369983085.112695: Processing preauth types: 16, \
15, 19, 2 [3265] 1369983085.112788: Selected etype info: etype rc4-hmac, salt \
"(null)", params "" Password for Administrator\@SUBDOM.SUB@DOM1.FOO:
[3265] 1369983091.646357: AS key obtained for encrypted timestamp: rc4-hmac/A4BB
[3265] 1369983091.646437: Encrypted timestamp (for 1369983091.646369): plain \
301AA011180F32303133303533313036353133315AA105020309DCE1, encrypted \
E7518311C1387B2A152A40E6ECCB3E43F439383CFA1CFEF3F5EC3D5D55AAA34046237B41E4A64D0A29AE790F2F56EBDD38B5F2FE
[3265] 1369983091.646484: Preauth module encrypted_timestamp (2) (flags=1) returned: \
0/Erfolg [3265] 1369983091.646511: Produced preauth for next request: 2
[3265] 1369983091.646545: Sending request (290 bytes) to SUBDOM.SUB
[3265] 1369983091.648411: Resolving hostname adsub2.subdom.sub.
[3265] 1369983091.649530: Sending initial UDP request to dgram 10.34.47.53:88
[3265] 1369983091.651150: Received answer from dgram 10.34.47.53:88
[3265] 1369983091.652045: Response was not from master KDC
[3265] 1369983091.652150: Salt derived from principal: SUBDOM.SUBAdministrator
[3265] 1369983091.652240: AS key determined by preauth: rc4-hmac/A4BB
[3265] 1369983091.652358: Decrypted AS reply; session key is: aes256-cts/B3A4
[3265] 1369983091.652429: FAST negotiation: unavailable
[3265] 1369983091.652526: Initializing FILE:./bla.ccfile with default princ \
Administrator@SUBDOM.SUB [3265] 1369983091.656741: Removing Administrator@SUBDOM.SUB \
-> krbtgt/SUBDOM.SUB@SUBDOM.SUB from FILE:./bla.ccfile [3265] 1369983091.656833: \
Storing Administrator@SUBDOM.SUB -> krbtgt/SUBDOM.SUB@SUBDOM.SUB in FILE:./bla.ccfile
bye,
Sumit
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic