[38731] in Kerberos
Re: cTime and KrbError
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue May 19 14:42:27 2020
To: Luke Hebert <lhebert@cloudera.com>, <kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <4c30c99d-712c-d8bc-3fe6-dcecdc7554ee@mit.edu>
Date: Tue, 19 May 2020 14:39:18 -0400
MIME-Version: 1.0
In-Reply-To: <CAH-c_EiN3Lq4yg0rFqKPxGQJFndP90EaGf4ugB0xNZ6mDiogLw@mail.gmail.com>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 5/19/20 10:56 AM, Luke Hebert wrote:
> So I've been searching around trying to understand cTime. While dealing
> with a ticket renewal issue. I know that this is supposed to be the
> client's current time. The question is what conditions cause cTime to print
> out in Java debug as being from 1981. This isn't the start of epoch.
>
> My assumption looking at the RFC for KRBError would suggest to me that
> something went wrong and the authenticator could not decode the request and
> the fields are omitted in the Error response. Thus resulting in a default
> value being printed for what would be a time based field.
For a KRB-ERROR resulting from a TGS request, the MIT krb5 KDC would
normally omit the ctime and cusec fields. It looks like a Heimdal KDC
would copy them from the request authenticator. I don't know what
Microsoft KDCs do.
347262666 does not seem like a recognizable default value; I have no
idea where it could be coming from.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
