When I run Kinit -S HTTP/server.domain. KDC returns with PRINCIAPL_UNKNOWN error.
>From WireShark, I can see client makes a (KRB 5 )AS-REQ to KDC, but its KDC_REQ_BODY has the server name (principal) as http/server.domain. is this the right behavior? should client sends krbtgt/domain in its request to KDC instead? My understanding is the purpose of AS-REQ is only to get TGT? can someone help me understand this? Thanks, -Yang -----Original Message----- From: Tom Parker [mailto:[email protected]] Sent: Wednesday, May 12, 2010 1:40 PM To: Yang Li Cc: 'Russ Allbery'; [email protected] Subject: Re: error message after kdestroy klist should always fail after a kdestroy kinit should work fine to get you a new TGT On 05/12/2010 01:32 PM, Yang Li wrote: > Thanks Russ for your response. > > What puzzle me is, this behavior is not consistent. Most of time, after > kdestroy, either klist or kinit can still get TGT ticket, but i did get the > error message sometimes after kdestroy, is that odd? > > Thanks, -Yang > > > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Russ Allbery > Sent: Wednesday, May 12, 2010 12:43 PM > To: [email protected] > Subject: Re: error message after kdestroy > > "Yang Li" <[email protected]> writes: > > >> after kdestroy command, i get the following error message on any other >> commands such as klist or kinit. Any idea? >> > >> No credentials cache found while getting default ccache >> > Well... yes. kdestroy destroys the credential cache, so the other > commands now no longer have a credential cache to work with. That's the > whole point of kdestroy. > > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
