>From: Josh Huber <[EMAIL PROTECTED]>
>Newsgroups: gmane.comp.encryption.kerberos.general
>Subject: host/*@REALM tickets with ssh, DNS
>Reply-To: Josh Huber <[EMAIL PROTECTED]>
>Date: Fri, 09 Aug 2002 11:38:30 -0400
...
>I have a few general questions:
>
>1) Here is the output from klist after logging in via ssh. I have ssh
>configured to use Kerberos auth, and this appears to be working fine.
>Here is the output from klist on my mail server:
>
>klist: You have no tickets cached
>Ticket cache: FILE:/tmp/krb5cc_qKxnke
>Default principal: [EMAIL PROTECTED]
>
>Valid starting     Expires            Service principal
>08/09/02 11:00:14  08/09/02 21:00:14  [EMAIL PROTECTED]
>08/09/02 11:00:14  08/09/02 21:00:14  [EMAIL PROTECTED]
>
>But -- why do I have a ticket with the host/... principal? Perhaps
>someone could clue me in on this, or help me determine what's wrong
>(if anything).

Probably nothing wrong. I've often seen this with KerberosIV and some
KerberosV code contains comments that indicate that this will happen.
To quote:

 * Verify the Kerberos ticket-granting ticket just retrieved for the
 * user. If the Kerberos server doesn't respond, assume the user is
 * trying to fake us out (since we DID just get a TGT from what is
 * supposedly our KDC). If the host/<host> service is unknown (i.e.,
 * the local keytab doesn't have it), return success but log the error.

... and I'm sure others will provide a better explanation.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
