Hi,

I recently changed from krb5 1.10 on OpenSuse 12.3 to krb5 1.12 on OpenSuse 13.2 and wonder what is happening.

I log in as one user and use my kerberised application, switch to a second 
user and use the application again, but the credentials from the first user 
are used.

# kinit
Password for mar...@suse.home:
# klist -e
Ticket cache: DIR::/run/user/1000/krb5cc/tkt
Default principal: mar...@suse.home

Valid starting     Expires            Service principal
02/01/15 22:23:54  03/01/15 08:23:54  krbtgt/suse.h...@suse.home
        renew until 03/01/15 22:23:54, Etype (skey, tkt): arcfour-hmac, arcfour-hmac

# /opt/dante/bin/socksify wget -O /tmp/tmp.out http://www.test.com

# klist -e
Ticket cache: DIR::/run/user/1000/krb5cc/tkt
Default principal: mar...@suse.home

Valid starting     Expires            Service principal
02/01/15 22:23:54  03/01/15 08:23:54  krbtgt/suse.h...@suse.home
        renew until 03/01/15 22:23:54, Etype (skey, tkt): arcfour-hmac, arcfour-hmac
02/01/15 22:25:23  03/01/15 08:23:54  rcmd/opensuse13.suse.h...@suse.home
        renew until 03/01/15 22:23:54, Etype (skey, tkt): arcfour-hmac, arcfour-hmac

Change user:

# kinit m...@win2003r2.home
Password for m...@win2003r2.home:
# klist -e
Ticket cache: DIR::/run/user/1000/krb5cc/tkt3a1A8Y
Default principal: m...@win2003r2.home

Valid starting     Expires            Service principal
02/01/15 22:30:51  03/01/15 08:30:51  krbtgt/win2003r2.h...@win2003r2.home
        renew until 03/01/15 22:30:44, Etype (skey, tkt): arcfour-hmac, arcfour-hmac

# /opt/dante/bin/socksify wget -O /tmp/tmp.out http://www.test.com

# klist -e
Ticket cache: DIR::/run/user/1000/krb5cc/tkt3a1A8Y
Default principal: m...@win2003r2.home

Valid starting     Expires            Service principal
02/01/15 22:30:51  03/01/15 08:30:51  krbtgt/win2003r2.h...@win2003r2.home
        renew until 03/01/15 22:30:44, Etype (skey, tkt): arcfour-hmac, arcfour-hmac


I see no service principal, and looking at the cache directory I see

ls -ltr /run/user/1000/krb5cc/
total 16
-rw------- 1 markus users    4 Jan  2 22:00 tktrFbVvG
-rw------- 1 markus users 1163 Jan  2 22:25 tkt
-rw------- 1 markus users 1280 Jan  2 22:30 tkt3a1A8Y
-rw------- 1 markus users   10 Jan  2 22:30 primary

and it looks like the client used the tkt file.

# klist -e -c /run/user/1000/krb5cc/tkt
Ticket cache: FILE:/run/user/1000/krb5cc/tkt
Default principal: mar...@suse.home

Valid starting     Expires            Service principal
02/01/15 22:23:54  03/01/15 08:23:54  krbtgt/suse.h...@suse.home
        renew until 03/01/15 22:23:54, Etype (skey, tkt): arcfour-hmac, arcfour-hmac
02/01/15 22:25:23  03/01/15 08:23:54  rcmd/opensuse13.suse.h...@suse.home
        renew until 03/01/15 22:23:54, Etype (skey, tkt): arcfour-hmac, arcfour-hmac

How do I switch/delete it? kdestroy doesn't

# kdestroy
# ls -ltr /run/user/1000/krb5cc/
total 12
-rw------- 1 markus users    4 Jan  2 22:00 tktrFbVvG
-rw------- 1 markus users 1163 Jan  2 22:25 tkt
-rw------- 1 markus users   10 Jan  2 22:30 primary

Is this a new expected behaviour?

Thank you
Markus 


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos