[19954] in Kerberos_V5_Development


Spurious tickets when using DNS realm configuration

daemon@ATHENA.MIT.EDU (David Cross)
Wed Jul 24 02:13:44 2019

From: David Cross <david@crossfamilyweb.com>
MIME-Version: 1.0 (1.0)
Message-ID: <4A6F967D-4944-48C4-A9D0-2DB68C3AD9A9@crossfamilyweb.com>
Date: Wed, 24 Jul 2019 02:13:14 -0400
To: <krbdev@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit

I have noticed that when using DNS realm configuration (URI and TXT records), I have spurious KDC requests and ccache entries.

Specifically, if I auth as user@REALM and klist, I see my TGT as expected. If I then ssh to a host and klist, I get 2 tickets:
host/foo@
host/foo@REALM

Additionally, on the KDC I see that it additionally requests the TGT again. Reading get_creds.c, I think I kind of see what is going on here: it is getting the ‘fallback’ realm (line 124). However, I am not fully following the control logic here and certainly not seeing how DNS-based (mis)configuration is interacting here.

This does work; I’d just like to get rid of the cruft and understand what isn’t right with DNS-based configuration.

Thank you

_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

