Hi all. I am running KDC 1.16.3. The admin tickets are not expired consistently. In the following kadmin snippet, the max_life was set to 5s, max_renewable_life is 0.
--------------- *Mar 25 11:45:09 ygc-kdc-master05.example.com <http://ygc-kdc-master05.example.com> kadmind[18654](Notice): Request: kadm5_init, root/ad...@example.com <ad...@example.com>, success, client=root/ad...@example.com <ad...@example.com>, service=kadmin/ad...@example.com <ad...@example.com>, addr=10.76.50.109, vers=4, flavor=6* *Mar 25 11:45:46 ygc-kdc-master05.example.com <http://ygc-kdc-master05.example.com> kadmind[18654](Notice): Request: kadm5_get_principals, *, success, client=root/ad...@example.com <ad...@example.com>, service=kadmin/ad...@example.com <ad...@example.com>, addr=10.76.50.109* Mar 25 11:48:10 ygc-kdc-master05.example.com kadmind[18654](Notice): Request: kadm5_get_principals, *, success, client=root/ad...@example.com, service=kadmin/ad...@example.com, addr=10.76.50.109 Mar 25 11:48:21 ygc-kdc-master05.example.com kadmind[18654](Notice): Request: kadm5_get_principals, *, success, client=root/ad...@example.com, service=kadmin/ad...@example.com, addr=10.76.50.109 Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error): check_rpcsec_auth: failed inquire_context, stat=786432 Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice): Authentication attempt failed: 10.76.50.109, GSS-API error strings are: *Mar 25 11:53:27 ygc-kdc-master05.example.com <http://ygc-kdc-master05.example.com> kadmind[18654](Notice): The referenced context has expired* Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice): Unknown code 0 Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice): GSS-API error strings complete. Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error): Authentication attempt failed: 10.76.50.109, RPC authentication flavor 6 Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error): check_rpcsec_auth: failed inquire_context, stat=786432 Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice): Authentication attempt failed: 10.76.50.109, GSS-API error strings are: Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice): The referenced context has expired Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice): Unknown code 0 Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice): GSS-API error strings complete. Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error): Authentication attempt failed: 10.76.50.109, RPC authentication flavor 6 Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error): check_rpcsec_auth: failed inquire_context, stat=786432 Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice): Authentication attempt failed: 10.76.50.109, GSS-API error strings are: Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice): The referenced context has expired Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice): Unknown code 0 Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Notice): GSS-API error strings complete. Mar 25 11:53:27 ygc-kdc-master05.example.com kadmind[18654](Error): Authentication attempt failed: 10.76.50.109, RPC authentication flavor 6 --------------- Do I miss something here? Thanks for any ideas! Yegui Cai ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
