Re: [Cosign-discuss] "Couldn't identify an authenticator for 'username'"

Thu, 29 May 2014 12:22:30 -0700 

>
> Did this start recently?  I wonder if the recent (local) DNS changes might
> have affected how Kerberos clients function.


The splunk logs only go back 6mos, but during that time, we've seen an avg
of 478k of these errors / mo.

Similarly, are there any differences between the two data centers?  (There
> were recent router changes to fix DNS problems on the one of the subnets
> involved.)


The cosign servers are running on two different varieties of hardware
(whitebox and ibm), but I believe the OS images are identical.  I don't
know of any networking differences.

Liam


On Thu, May 29, 2014 at 2:58 PM, Richard Conto <r...@umich.edu> wrote:

> Hi Liam,
>
> Did this start recently?  I wonder if the recent (local) DNS changes might
> have affected how Kerberos clients function.
>
> Similarly, are there any differences between the two data centers?  (There
> were recent router changes to fix DNS problems on the one of the subnets
> involved.)
>
>
> --- Richard Conto
>
> DNA Sequencing Core
> Biomedical Research Core Facilities
> Medical School Administration Office of Research
> NCRC Bldg 14 room 168 -- (734) 764-7620
>
>
> On Thu, May 29, 2014 at 2:18 PM, Liam Hoekenga <li...@umich.edu> wrote:
>
>> Our cosign installation uses kerberos and friend as the primary
>> authenticators.
>> We're getting instances of this error in our logs:
>>
>>     Couldn't identify an authenticator for /USERNAME/
>>
>> I can find where this error occurs in the source code, but I can't really
>> figure out what would trigger it.  The problem usernames all seem to be
>> valid, active kerberos principals, and our logs indicate that sometimes the
>> problem usernames *are* able to authenticate.
>>
>> The failures are initiated by a wide variety of cosign service providers.
>>  They seem to happen in batches - we had ~360 between 14:00 - 14:15 today,
>> though that might be a bad observation.. Splunk shows that we see ~5k-20k
>> of these a day.
>>
>> Any ideas?
>> Liam
>>
>>
>> ------------------------------------------------------------------------------
>> Time is money. Stop wasting it! Get your web API in 5 minutes.
>> www.restlet.com/download
>> http://p.sf.net/sfu/restlet
>> _______________________________________________
>> Cosign-discuss mailing list
>> Cosign-discuss@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
>>
>>
>

------------------------------------------------------------------------------
Time is money. Stop wasting it! Get your web API in 5 minutes.
www.restlet.com/download
http://p.sf.net/sfu/restlet
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss

Reply via email to