Re: kinit error

Klaas Hagemann Thu, 13 Mar 2003 04:17:38 -0800

Chee Leong Dew schrieb:

Hi Klass,

Sorry for interrrupting u again, but I really need helps from forum to
solved my problem here. Sorry again for the interruption.

np, that's for what mailing lists are for.

I used klist; it show :
-----------------------------------------------------------------------
[EMAIL PROTECTED] sbin]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: root/[EMAIL PROTECTED]
Valid starting Expires Service principal 03/12/03 17:47:46 03/13/03 03:47:46 krbtgt/[EMAIL PROTECTED]

So you already have a tgt..... it will expire at 03:47.

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
-----------------------------------------------------------------------


Then I used kinit to obtain TGT for root/admin:
-----------------------------------------------------------------------
[EMAIL PROTECTED] sbin]# kinit -V root/admin
Password for root/[EMAIL PROTECTED]:
Authenticated to Kerberos v5
-----------------------------------------------------------------------

Then i used klist again :
-----------------------------------------------------------------------
[EMAIL PROTECTED] sbin]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: root/[EMAIL PROTECTED]

Valid starting Expires Service principal 03/13/03 09:06:07 03/13/03 19:06:07 krbtgt/[EMAIL PROTECTED]

So you got a new ticket expiring at 19:06:07.

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
-----------------------------------------------------------------------
From the output, I didn't see any new entry is added in.Something like :
Valid starting Expires Service principal 03/13/03 09:06:07 03/13/03 19:06:07 root/admin/[EMAIL PROTECTED]
It is suppose to show a new entry to indicate that a nre TGT is assigned
to principal root/admin ? ?

You can only hold one tgt at once. So if you alreade have a ticket, the old one is destroyed and replaced by the new one.

Actually I am facing problem with JAAS-GSSAPI on this. I try to obtain th TGT from Kerberos so that I can implement single -sign on the client side.

Ok, normally you get the tgt during login-session on the operating system. The application itsselfs need to use this tgt to obtain a service ticket. Normally that is the job of the application, but you can design it as you want to have it of course.

Regards,CL

Klaas

________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos

Re: kinit error

Reply via email to