Created
December 21, 2023 14:38
-
-
Save mbiarnes/c7cfcc3e47669529517a5ea97750d9f1 to your computer and use it in GitHub Desktop.
logFile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mbiarnes@mbiarnes ~ $ KRB5_TRACE=/dev/stderr curl --negotiate -u: -v https://errata.devel.redhat.com/advisory/125515.json | |
| * Trying 10.30.44.234:443... | |
| * Connected to errata.devel.redhat.com (10.30.44.234) port 443 (#0) | |
| * ALPN: offers h2 | |
| * ALPN: offers http/1.1 | |
| * CAfile: /etc/pki/tls/certs/ca-bundle.crt | |
| * CApath: none | |
| * TLSv1.0 (OUT), TLS header, Certificate Status (22): | |
| * TLSv1.3 (OUT), TLS handshake, Client hello (1): | |
| * TLSv1.2 (IN), TLS header, Certificate Status (22): | |
| * TLSv1.3 (IN), TLS handshake, Server hello (2): | |
| * TLSv1.2 (IN), TLS header, Certificate Status (22): | |
| * TLSv1.2 (IN), TLS handshake, Certificate (11): | |
| * TLSv1.2 (IN), TLS header, Certificate Status (22): | |
| * TLSv1.2 (IN), TLS handshake, Server key exchange (12): | |
| * TLSv1.2 (IN), TLS header, Certificate Status (22): | |
| * TLSv1.2 (IN), TLS handshake, Server finished (14): | |
| * TLSv1.2 (OUT), TLS header, Certificate Status (22): | |
| * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): | |
| * TLSv1.2 (OUT), TLS header, Finished (20): | |
| * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): | |
| * TLSv1.2 (OUT), TLS header, Certificate Status (22): | |
| * TLSv1.2 (OUT), TLS handshake, Finished (20): | |
| * TLSv1.2 (IN), TLS header, Finished (20): | |
| * TLSv1.2 (IN), TLS header, Certificate Status (22): | |
| * TLSv1.2 (IN), TLS handshake, Finished (20): | |
| * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 | |
| * ALPN: server accepted http/1.1 | |
| * Server certificate: | |
| * subject: C=US; ST=North Carolina; L=Raleigh; O=Red Hat, Inc.; OU=SP; CN=errata.mpp.engineering.redhat.com; emailAddress=exd-guild-errata@redhat.com | |
| * start date: Dec 13 20:04:41 2023 GMT | |
| * expire date: Dec 7 20:04:41 2024 GMT | |
| * subjectAltName: host "errata.devel.redhat.com" matched cert's "errata.devel.redhat.com" | |
| * issuer: O=Red Hat; OU=prod; CN=2023 Certificate Authority RHCSv2 | |
| * SSL certificate verify ok. | |
| [18918] 1703169332.306591: TXT record _kerberos.vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com. not found | |
| [18918] 1703169332.306592: TXT record _kerberos.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com. not found | |
| [18918] 1703169332.306593: TXT record _kerberos.mpp-e1-prod.9e4s.p1.openshiftapps.com. not found | |
| [18918] 1703169332.306594: TXT record _kerberos.9e4s.p1.openshiftapps.com. not found | |
| [18918] 1703169332.306595: TXT record _kerberos.p1.openshiftapps.com. not found | |
| [18918] 1703169332.306596: TXT record _kerberos.openshiftapps.com. not found | |
| [18918] 1703169332.306597: TXT record _kerberos.com. not found | |
| [18918] 1703169332.306598: ccselect can't find appropriate cache for server principal HTTP/vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com@INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM | |
| [18918] 1703169332.306599: Getting credentials mbiarnes@IPA.REDHAT.COM -> HTTP/vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com@ using ccache KCM:1000 | |
| [18918] 1703169332.306600: Retrieving mbiarnes@IPA.REDHAT.COM -> krb5_ccache_conf_data/start_realm@X-CACHECONF: from KCM:1000 with result: -1765328243/Matching credential not found | |
| [18918] 1703169332.306601: Retrieving mbiarnes@IPA.REDHAT.COM -> HTTP/vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com@ from KCM:1000 with result: -1765328243/Matching credential not found | |
| [18918] 1703169332.306602: Retrying mbiarnes@IPA.REDHAT.COM -> HTTP/vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com@IPA.REDHAT.COM with result: -1765328243/Matching credential not found | |
| [18918] 1703169332.306603: Server has referral realm; starting with HTTP/vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com@IPA.REDHAT.COM | |
| [18918] 1703169332.306604: Retrieving mbiarnes@IPA.REDHAT.COM -> krbtgt/IPA.REDHAT.COM@IPA.REDHAT.COM from KCM:1000 with result: 0/Success | |
| [18918] 1703169332.306605: Starting with TGT for client realm: mbiarnes@IPA.REDHAT.COM -> krbtgt/IPA.REDHAT.COM@IPA.REDHAT.COM | |
| [18918] 1703169332.306606: Requesting tickets for HTTP/vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com@IPA.REDHAT.COM, referrals on | |
| [18918] 1703169332.306607: Generated subkey for TGS request: aes256-cts/0798 | |
| [18918] 1703169332.306608: etypes requested in TGS request: aes256-cts, aes256-sha2, camellia256-cts, aes128-sha2, aes128-cts, camellia128-cts | |
| [18918] 1703169332.306610: Encoding request body and padata into FAST request | |
| [18918] 1703169332.306611: Sending request (1190 bytes) to IPA.REDHAT.COM | |
| [18918] 1703169332.306612: Sending DNS URI query for _kerberos.IPA.REDHAT.COM. | |
| [18918] 1703169332.306613: URI answer: 0 100 "krb5srv:m:tcp:s2.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169332.306614: URI answer: 0 50 "krb5srv:m:tcp:admin1.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169332.306615: URI answer: 0 100 "krb5srv:m:udp:s1.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169332.306616: URI answer: 0 100 "krb5srv:m:udp:s4.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169332.306617: URI answer: 0 50 "krb5srv:m:tcp:s1.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169332.306618: URI answer: 0 50 "krb5srv:m:tcp:admin1.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169332.306619: URI answer: 0 50 "krb5srv:m:udp:admin1.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169332.306620: URI answer: 0 100 "krb5srv:m:tcp:s4.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169332.306621: URI answer: 0 100 "krb5srv:m:udp:s2.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169332.306622: URI answer: 0 100 "krb5srv:m:udp:s2.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169332.306623: URI answer: 0 100 "krb5srv:m:udp:s3.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169332.306624: URI answer: 0 100 "krb5srv:m:tcp:s1.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169332.306625: URI answer: 0 100 "krb5srv:m:tcp:s3.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169332.306626: URI answer: 0 50 "krb5srv:m:udp:s1.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169332.306627: URI answer: 0 50 "krb5srv:m:udp:admin1.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169332.306628: URI answer: 0 100 "krb5srv:m:tcp:s2.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169332.306629: Resolving hostname s2.idm-001.prod.rdu2.dc.redhat.com. | |
| [18918] 1703169332.306630: Initiating TCP connection to stream 10.11.142.181:88 | |
| [18918] 1703169332.306631: Sending TCP request to stream 10.11.142.181:88 | |
| [18918] 1703169332.306632: Received answer (549 bytes) from stream 10.11.142.181:88 | |
| [18918] 1703169332.306633: Terminating TCP connection to stream 10.11.142.181:88 | |
| [18918] 1703169332.306634: Response was from primary KDC | |
| [18918] 1703169332.306635: Decoding FAST response | |
| [18918] 1703169332.306636: TGS request result: -1765328377/Server HTTP/vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com@IPA.REDHAT.COM not found in Kerberos database | |
| [18918] 1703169332.306637: TXT record _kerberos.vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com. not found | |
| [18918] 1703169332.306638: TXT record _kerberos.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com. not found | |
| [18918] 1703169332.306639: TXT record _kerberos.mpp-e1-prod.9e4s.p1.openshiftapps.com. not found | |
| [18918] 1703169332.306640: TXT record _kerberos.9e4s.p1.openshiftapps.com. not found | |
| [18918] 1703169332.306641: TXT record _kerberos.p1.openshiftapps.com. not found | |
| [18918] 1703169332.306642: TXT record _kerberos.openshiftapps.com. not found | |
| [18918] 1703169332.306643: TXT record _kerberos.com. not found | |
| [18918] 1703169332.306644: Local realm referral failed; trying fallback realm INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM | |
| [18918] 1703169332.306645: Retrieving mbiarnes@IPA.REDHAT.COM -> krbtgt/INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM@INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM from KCM:1000 with result: -1765328243/Matching credential not found | |
| [18918] 1703169332.306646: Retrieving mbiarnes@IPA.REDHAT.COM -> krbtgt/IPA.REDHAT.COM@IPA.REDHAT.COM from KCM:1000 with result: 0/Success | |
| [18918] 1703169332.306647: Starting with TGT for client realm: mbiarnes@IPA.REDHAT.COM -> krbtgt/IPA.REDHAT.COM@IPA.REDHAT.COM | |
| [18918] 1703169333.001236: Retrieving mbiarnes@IPA.REDHAT.COM -> krbtgt/INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM@INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM from KCM:1000 with result: -1765328243/Matching credential not found | |
| [18918] 1703169333.001237: Requesting TGT krbtgt/INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM@IPA.REDHAT.COM using TGT krbtgt/IPA.REDHAT.COM@IPA.REDHAT.COM | |
| [18918] 1703169333.001238: Generated subkey for TGS request: aes256-cts/EC24 | |
| [18918] 1703169333.001239: etypes requested in TGS request: aes256-cts, aes256-sha2, camellia256-cts, aes128-sha2, aes128-cts, camellia128-cts | |
| [18918] 1703169333.001241: Encoding request body and padata into FAST request | |
| [18918] 1703169333.001242: Sending request (1178 bytes) to IPA.REDHAT.COM | |
| [18918] 1703169333.001243: Sending DNS URI query for _kerberos.IPA.REDHAT.COM. | |
| [18918] 1703169333.001244: URI answer: 0 50 "krb5srv:m:tcp:admin1.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169333.001245: URI answer: 0 100 "krb5srv:m:udp:s2.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169333.001246: URI answer: 0 100 "krb5srv:m:udp:s1.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169333.001247: URI answer: 0 100 "krb5srv:m:tcp:s1.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169333.001248: URI answer: 0 50 "krb5srv:m:udp:admin1.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169333.001249: URI answer: 0 100 "krb5srv:m:udp:s4.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169333.001250: URI answer: 0 100 "krb5srv:m:tcp:s3.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169333.001251: URI answer: 0 50 "krb5srv:m:tcp:admin1.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169333.001252: URI answer: 0 100 "krb5srv:m:tcp:s4.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169333.001253: URI answer: 0 100 "krb5srv:m:udp:s3.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169333.001254: URI answer: 0 50 "krb5srv:m:udp:s1.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169333.001255: URI answer: 0 100 "krb5srv:m:tcp:s2.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169333.001256: URI answer: 0 100 "krb5srv:m:udp:s2.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169333.001257: URI answer: 0 100 "krb5srv:m:tcp:s2.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169333.001258: URI answer: 0 50 "krb5srv:m:tcp:s1.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169333.001259: URI answer: 0 50 "krb5srv:m:udp:admin1.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169333.001260: Resolving hostname admin1.idm-001.prod.rdu2.dc.redhat.com. | |
| [18918] 1703169333.001261: Initiating TCP connection to stream 10.23.179.22:88 | |
| [18918] 1703169333.001262: Sending TCP request to stream 10.23.179.22:88 | |
| [18918] 1703169333.001263: Received answer (994 bytes) from stream 10.23.179.22:88 | |
| [18918] 1703169333.001264: Terminating TCP connection to stream 10.23.179.22:88 | |
| [18918] 1703169333.001265: Response was from primary KDC | |
| [18918] 1703169333.001266: Decoding FAST response | |
| [18918] 1703169333.001267: FAST reply key: aes256-cts/1C79 | |
| [18918] 1703169333.001268: TGS reply is for mbiarnes@IPA.REDHAT.COM -> krbtgt/REDHAT.COM@IPA.REDHAT.COM with session key aes256-cts/ED0D | |
| [18918] 1703169333.001269: TGS request result: 0/Success | |
| [18918] 1703169333.001270: Received TGT for offpath realm REDHAT.COM | |
| [18918] 1703169333.001271: Requesting TGT krbtgt/INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM@REDHAT.COM using TGT krbtgt/REDHAT.COM@IPA.REDHAT.COM | |
| [18918] 1703169333.001272: Generated subkey for TGS request: aes256-cts/3628 | |
| [18918] 1703169333.001273: etypes requested in TGS request: aes256-cts, aes256-sha2, camellia256-cts, aes128-sha2, aes128-cts, camellia128-cts | |
| [18918] 1703169333.001275: Encoding request body and padata into FAST request | |
| [18918] 1703169333.001276: Sending request (1124 bytes) to REDHAT.COM | |
| [18918] 1703169333.001277: Sending DNS URI query for _kerberos.REDHAT.COM. | |
| [18918] 1703169333.001278: No URI records found | |
| [18918] 1703169333.001279: Sending DNS SRV query for _kerberos._udp.REDHAT.COM. | |
| [18918] 1703169333.001280: SRV answer: 100 100 88 "kerberos.corp.redhat.com." | |
| [18918] 1703169333.001281: SRV answer: 5 0 88 "kerberos01.core.prod.int.rdu2.redhat.com." | |
| [18918] 1703169333.001282: SRV answer: 10 0 88 "s2.kerb-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169333.001283: SRV answer: 10 0 88 "s1.kerb-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169333.001284: SRV answer: 5 0 88 "kerberos02.core.prod.int.rdu2.redhat.com." | |
| [18918] 1703169333.001285: Sending DNS SRV query for _kerberos._tcp.REDHAT.COM. | |
| [18918] 1703169333.001286: SRV answer: 10 0 88 "s1.kerb-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169333.001287: SRV answer: 5 0 88 "kerberos02.core.prod.int.rdu2.redhat.com." | |
| [18918] 1703169333.001288: SRV answer: 10 0 88 "s2.kerb-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169333.001289: SRV answer: 5 0 88 "kerberos01.core.prod.int.rdu2.redhat.com." | |
| [18918] 1703169333.001290: SRV answer: 100 100 88 "kerberos.corp.redhat.com." | |
| [18918] 1703169333.001291: Resolving hostname kerberos01.core.prod.int.rdu2.redhat.com. | |
| [18918] 1703169333.001292: Resolving hostname kerberos02.core.prod.int.rdu2.redhat.com. | |
| [18918] 1703169333.001293: Resolving hostname s2.kerb-001.prod.iad2.dc.redhat.com. | |
| [18918] 1703169333.001294: Resolving hostname s1.kerb-001.prod.iad2.dc.redhat.com. | |
| [18918] 1703169333.001295: Resolving hostname kerberos.corp.redhat.com. | |
| [18918] 1703169333.001296: Resolving hostname kerberos02.core.prod.int.rdu2.redhat.com. | |
| [18918] 1703169333.001297: Initiating TCP connection to stream 10.11.189.2:88 | |
| [18918] 1703169333.001298: Sending TCP request to stream 10.11.189.2:88 | |
| [18918] 1703169334.085121: Received answer (563 bytes) from stream 10.11.189.2:88 | |
| [18918] 1703169334.085122: Terminating TCP connection to stream 10.11.189.2:88 | |
| [18918] 1703169334.085123: Response was not from primary KDC | |
| [18918] 1703169334.085124: Decoding FAST response | |
| [18918] 1703169334.085125: TGS request result: -1765328377/Server krbtgt/INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM@REDHAT.COM not found in Kerberos database | |
| * gss_init_sec_context() failed: Server krbtgt/INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM@REDHAT.COM not found in Kerberos database. | |
| * Server auth using Negotiate with user '' | |
| * TLSv1.2 (OUT), TLS header, Supplemental data (23): | |
| > GET /advisory/125515.json HTTP/1.1 | |
| > Host: errata.devel.redhat.com | |
| > User-Agent: curl/7.85.0 | |
| > Accept: */* | |
| > | |
| * TLSv1.2 (IN), TLS header, Supplemental data (23): | |
| * Mark bundle as not supporting multiuse | |
| < HTTP/1.1 401 Unauthorized | |
| < Date: Thu, 21 Dec 2023 14:35:34 GMT | |
| < Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1 Phusion_Passenger/6.0.19 | |
| [18918] 1703169334.085133: TXT record _kerberos.vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com. not found | |
| [18918] 1703169334.085134: TXT record _kerberos.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com. not found | |
| [18918] 1703169334.085135: TXT record _kerberos.mpp-e1-prod.9e4s.p1.openshiftapps.com. not found | |
| [18918] 1703169334.085136: TXT record _kerberos.9e4s.p1.openshiftapps.com. not found | |
| [18918] 1703169334.085137: TXT record _kerberos.p1.openshiftapps.com. not found | |
| [18918] 1703169334.085138: TXT record _kerberos.openshiftapps.com. not found | |
| [18918] 1703169334.085139: TXT record _kerberos.com. not found | |
| [18918] 1703169334.085140: ccselect can't find appropriate cache for server principal HTTP/vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com@INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM | |
| [18918] 1703169334.085141: Getting credentials mbiarnes@IPA.REDHAT.COM -> HTTP/vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com@ using ccache KCM:1000 | |
| [18918] 1703169334.085142: Retrieving mbiarnes@IPA.REDHAT.COM -> krb5_ccache_conf_data/start_realm@X-CACHECONF: from KCM:1000 with result: -1765328243/Matching credential not found | |
| [18918] 1703169334.085143: Retrieving mbiarnes@IPA.REDHAT.COM -> HTTP/vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com@ from KCM:1000 with result: -1765328243/Matching credential not found | |
| [18918] 1703169334.085144: Retrying mbiarnes@IPA.REDHAT.COM -> HTTP/vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com@IPA.REDHAT.COM with result: -1765328243/Matching credential not found | |
| [18918] 1703169334.085145: Server has referral realm; starting with HTTP/vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com@IPA.REDHAT.COM | |
| [18918] 1703169334.085146: Retrieving mbiarnes@IPA.REDHAT.COM -> krbtgt/IPA.REDHAT.COM@IPA.REDHAT.COM from KCM:1000 with result: 0/Success | |
| [18918] 1703169334.085147: Starting with TGT for client realm: mbiarnes@IPA.REDHAT.COM -> krbtgt/IPA.REDHAT.COM@IPA.REDHAT.COM | |
| [18918] 1703169334.085148: Requesting tickets for HTTP/vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com@IPA.REDHAT.COM, referrals on | |
| [18918] 1703169334.085149: Generated subkey for TGS request: aes256-cts/6D97 | |
| [18918] 1703169334.085150: etypes requested in TGS request: aes256-cts, aes256-sha2, camellia256-cts, aes128-sha2, aes128-cts, camellia128-cts | |
| [18918] 1703169334.085152: Encoding request body and padata into FAST request | |
| [18918] 1703169334.085153: Sending request (1190 bytes) to IPA.REDHAT.COM | |
| [18918] 1703169334.085154: Sending DNS URI query for _kerberos.IPA.REDHAT.COM. | |
| [18918] 1703169334.085155: URI answer: 0 50 "krb5srv:m:tcp:admin1.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169334.085156: URI answer: 0 50 "krb5srv:m:tcp:admin1.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085157: URI answer: 0 100 "krb5srv:m:udp:s2.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085158: URI answer: 0 50 "krb5srv:m:udp:admin1.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085159: URI answer: 0 100 "krb5srv:m:tcp:s1.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085160: URI answer: 0 50 "krb5srv:m:udp:s1.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169334.085161: URI answer: 0 100 "krb5srv:m:udp:s3.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085162: URI answer: 0 100 "krb5srv:m:udp:s2.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169334.085163: URI answer: 0 100 "krb5srv:m:tcp:s2.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169334.085164: URI answer: 0 100 "krb5srv:m:udp:s1.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085165: URI answer: 0 100 "krb5srv:m:tcp:s3.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085166: URI answer: 0 50 "krb5srv:m:tcp:s1.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169334.085167: URI answer: 0 100 "krb5srv:m:udp:s4.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085168: URI answer: 0 100 "krb5srv:m:tcp:s2.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085169: URI answer: 0 50 "krb5srv:m:udp:admin1.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169334.085170: URI answer: 0 100 "krb5srv:m:tcp:s4.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085171: Resolving hostname admin1.idm-001.prod.iad2.dc.redhat.com. | |
| [18918] 1703169334.085172: Initiating TCP connection to stream 10.2.35.20:88 | |
| [18918] 1703169334.085173: Sending TCP request to stream 10.2.35.20:88 | |
| [18918] 1703169334.085174: Received answer (549 bytes) from stream 10.2.35.20:88 | |
| [18918] 1703169334.085175: Terminating TCP connection to stream 10.2.35.20:88 | |
| [18918] 1703169334.085176: Response was from primary KDC | |
| [18918] 1703169334.085177: Decoding FAST response | |
| [18918] 1703169334.085178: TGS request result: -1765328377/Server HTTP/vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com@IPA.REDHAT.COM not found in Kerberos database | |
| [18918] 1703169334.085179: TXT record _kerberos.vfvwze.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com. not found | |
| [18918] 1703169334.085180: TXT record _kerberos.internal-router-shard.mpp-e1-prod.9e4s.p1.openshiftapps.com. not found | |
| [18918] 1703169334.085181: TXT record _kerberos.mpp-e1-prod.9e4s.p1.openshiftapps.com. not found | |
| [18918] 1703169334.085182: TXT record _kerberos.9e4s.p1.openshiftapps.com. not found | |
| [18918] 1703169334.085183: TXT record _kerberos.p1.openshiftapps.com. not found | |
| [18918] 1703169334.085184: TXT record _kerberos.openshiftapps.com. not found | |
| [18918] 1703169334.085185: TXT record _kerberos.com. not found | |
| [18918] 1703169334.085186: Local realm referral failed; trying fallback realm INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM | |
| [18918] 1703169334.085187: Retrieving mbiarnes@IPA.REDHAT.COM -> krbtgt/INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM@INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM from KCM:1000 with result: -1765328243/Matching credential not found | |
| [18918] 1703169334.085188: Retrieving mbiarnes@IPA.REDHAT.COM -> krbtgt/IPA.REDHAT.COM@IPA.REDHAT.COM from KCM:1000 with result: 0/Success | |
| [18918] 1703169334.085189: Starting with TGT for client realm: mbiarnes@IPA.REDHAT.COM -> krbtgt/IPA.REDHAT.COM@IPA.REDHAT.COM | |
| [18918] 1703169334.085190: Retrieving mbiarnes@IPA.REDHAT.COM -> krbtgt/INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM@INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM from KCM:1000 with result: -1765328243/Matching credential not found | |
| [18918] 1703169334.085191: Requesting TGT krbtgt/INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM@IPA.REDHAT.COM using TGT krbtgt/IPA.REDHAT.COM@IPA.REDHAT.COM | |
| [18918] 1703169334.085192: Generated subkey for TGS request: aes256-cts/C13D | |
| [18918] 1703169334.085193: etypes requested in TGS request: aes256-cts, aes256-sha2, camellia256-cts, aes128-sha2, aes128-cts, camellia128-cts | |
| [18918] 1703169334.085195: Encoding request body and padata into FAST request | |
| [18918] 1703169334.085196: Sending request (1176 bytes) to IPA.REDHAT.COM | |
| [18918] 1703169334.085197: Sending DNS URI query for _kerberos.IPA.REDHAT.COM. | |
| [18918] 1703169334.085198: URI answer: 0 50 "krb5srv:m:tcp:s1.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169334.085199: URI answer: 0 50 "krb5srv:m:udp:admin1.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169334.085200: URI answer: 0 100 "krb5srv:m:udp:s4.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085201: URI answer: 0 50 "krb5srv:m:udp:s1.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169334.085202: URI answer: 0 100 "krb5srv:m:udp:s2.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169334.085203: URI answer: 0 100 "krb5srv:m:tcp:s4.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085204: URI answer: 0 100 "krb5srv:m:udp:s3.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085205: URI answer: 0 50 "krb5srv:m:udp:admin1.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085206: URI answer: 0 100 "krb5srv:m:tcp:s1.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085207: URI answer: 0 100 "krb5srv:m:udp:s2.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085208: URI answer: 0 100 "krb5srv:m:udp:s1.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085209: URI answer: 0 50 "krb5srv:m:tcp:admin1.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085210: URI answer: 0 100 "krb5srv:m:tcp:s2.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169334.085211: URI answer: 0 100 "krb5srv:m:tcp:s3.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085212: URI answer: 0 50 "krb5srv:m:tcp:admin1.idm-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169334.085213: URI answer: 0 100 "krb5srv:m:tcp:s2.idm-001.prod.rdu2.dc.redhat.com." | |
| [18918] 1703169334.085214: Resolving hostname s1.idm-001.prod.iad2.dc.redhat.com. | |
| [18918] 1703169334.085215: Initiating TCP connection to stream 10.2.35.21:88 | |
| [18918] 1703169335.131465: Sending TCP request to stream 10.2.35.21:88 | |
| [18918] 1703169335.131466: Received answer (991 bytes) from stream 10.2.35.21:88 | |
| [18918] 1703169335.131467: Terminating TCP connection to stream 10.2.35.21:88 | |
| [18918] 1703169335.131468: Response was from primary KDC | |
| [18918] 1703169335.131469: Decoding FAST response | |
| [18918] 1703169335.131470: FAST reply key: aes256-cts/6E21 | |
| [18918] 1703169335.131471: TGS reply is for mbiarnes@IPA.REDHAT.COM -> krbtgt/REDHAT.COM@IPA.REDHAT.COM with session key aes256-cts/6B6C | |
| [18918] 1703169335.131472: TGS request result: 0/Success | |
| [18918] 1703169335.131473: Received TGT for offpath realm REDHAT.COM | |
| [18918] 1703169335.131474: Requesting TGT krbtgt/INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM@REDHAT.COM using TGT krbtgt/REDHAT.COM@IPA.REDHAT.COM | |
| [18918] 1703169335.131475: Generated subkey for TGS request: aes256-cts/47EB | |
| [18918] 1703169335.131476: etypes requested in TGS request: aes256-cts, aes256-sha2, camellia256-cts, aes128-sha2, aes128-cts, camellia128-cts | |
| [18918] 1703169335.131478: Encoding request body and padata into FAST request | |
| [18918] 1703169335.131479: Sending request (1125 bytes) to REDHAT.COM | |
| [18918] 1703169335.131480: Sending DNS URI query for _kerberos.REDHAT.COM. | |
| [18918] 1703169335.131481: No URI records found | |
| [18918] 1703169335.131482: Sending DNS SRV query for _kerberos._udp.REDHAT.COM. | |
| [18918] 1703169335.131483: SRV answer: 10 0 88 "s1.kerb-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169335.131484: SRV answer: 5 0 88 "kerberos01.core.prod.int.rdu2.redhat.com." | |
| [18918] 1703169335.131485: SRV answer: 5 0 88 "kerberos02.core.prod.int.rdu2.redhat.com." | |
| [18918] 1703169335.131486: SRV answer: 10 0 88 "s2.kerb-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169335.131487: SRV answer: 100 100 88 "kerberos.corp.redhat.com." | |
| [18918] 1703169335.131488: Sending DNS SRV query for _kerberos._tcp.REDHAT.COM. | |
| [18918] 1703169335.131489: SRV answer: 5 0 88 "kerberos02.core.prod.int.rdu2.redhat.com." | |
| [18918] 1703169335.131490: SRV answer: 10 0 88 "s2.kerb-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169335.131491: SRV answer: 100 100 88 "kerberos.corp.redhat.com." | |
| [18918] 1703169335.131492: SRV answer: 10 0 88 "s1.kerb-001.prod.iad2.dc.redhat.com." | |
| [18918] 1703169335.131493: SRV answer: 5 0 88 "kerberos01.core.prod.int.rdu2.redhat.com." | |
| [18918] 1703169335.131494: Resolving hostname kerberos01.core.prod.int.rdu2.redhat.com. | |
| [18918] 1703169335.131495: Resolving hostname kerberos02.core.prod.int.rdu2.redhat.com. | |
| [18918] 1703169335.131496: Resolving hostname s1.kerb-001.prod.iad2.dc.redhat.com. | |
| [18918] 1703169335.131497: Resolving hostname s2.kerb-001.prod.iad2.dc.redhat.com. | |
| [18918] 1703169335.131498: Resolving hostname kerberos.corp.redhat.com. | |
| [18918] 1703169335.131499: Resolving hostname kerberos02.core.prod.int.rdu2.redhat.com. | |
| [18918] 1703169335.131500: Initiating TCP connection to stream 10.11.189.2:88 | |
| [18918] 1703169335.131501: Sending TCP request to stream 10.11.189.2:88 | |
| [18918] 1703169335.131502: Received answer (563 bytes) from stream 10.11.189.2:88 | |
| [18918] 1703169335.131503: Terminating TCP connection to stream 10.11.189.2:88 | |
| [18918] 1703169335.131504: Response was not from primary KDC | |
| [18918] 1703169335.131505: Decoding FAST response | |
| [18918] 1703169335.131506: TGS request result: -1765328377/Server krbtgt/INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM@REDHAT.COM not found in Kerberos database | |
| * gss_init_sec_context() failed: Server krbtgt/INTERNAL-ROUTER-SHARD.MPP-E1-PROD.9E4S.P1.OPENSHIFTAPPS.COM@REDHAT.COM not found in Kerberos database. | |
| < WWW-Authenticate: Negotiate | |
| < WWW-Authenticate: Basic realm="GSSAPI Single Sign On Login" | |
| < X-Frame-Options: SAMEORIGIN | |
| < X-Content-Type-Options: nosniff | |
| < X-XSS-Protection: 1; mode=block | |
| < Last-Modified: Thu, 14 Dec 2023 01:22:37 GMT | |
| < ETag: "bcf-60c6e1e723140" | |
| < Accept-Ranges: bytes | |
| < Content-Length: 3023 | |
| < Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.redhat.com; connect-src 'self'; img-src 'self' data: https://*.redhat.com; style-src 'self' 'unsafe-inline' https://*.redhat.com; font-src 'self' data: https://*.redhat.com; | |
| < Content-Type: text/html; charset=UTF-8 | |
| < | |
| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> | |
| <html lang="en"> | |
| <head> | |
| <title>Errata System - Unauthorized</title> | |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> | |
| <link href="static_errors.css" rel="stylesheet" type="text/css" /> | |
| </head> | |
| <body> | |
| <div id="errata_system"> | |
| <div id="main_nav"></div> | |
| <div id="content_div"> | |
| <div class="site_message"> | |
| <h1>Unauthorized</h1> | |
| <p> | |
| This server could not verify that you are authorized to access | |
| Errata System. Either are lacking an Errata System account or your | |
| browser is not properly configured to supply the Kerberos credentials | |
| required. | |
| </p> | |
| <h2>Requesting Access</h2> | |
| <p> | |
| To access this service you will need an Errata System account. To request access to the | |
| Production or Stage Errata System or additional roles, you will need to submit a request | |
| through <a href="https://redhat.service-now.com/help?id=rh_search&q=errata%20tool&ct=sc">Service Now</a> | |
| </p> | |
| <p> | |
| To proceed, create an <a href="https://redhat.service-now.com/help?id=sc_cat_item&sys_id=d1a25a641b8ea450d364a645624bcbf5">Errata System Prod - Add New Role</a> ticket. | |
| If you are attempting to access the Staging Errata System create an | |
| <a href="https://redhat.service-now.com/help?id=sc_cat_item&sys_id=16d2e5ab1b568d10d364a645624bcb36">Errata System Stage - Add New Role</a> ticket. | |
| </p> | |
| <p> | |
| See the he <a href="https://errata.devel.redhat.com/documentation/user-guide/">User Guide</a> or the | |
| <a href="https://docs.engineering.redhat.com/display/Errata">Confluence</a> Errata System pages for more | |
| information before using the Errata System once you get access. | |
| </p> | |
| <h2>Kerberos Authentication</h2> | |
| <p> | |
| Errata System has updated its authentication method to meet approved | |
| Red Hat standards. At this time, users are no longer allowed to | |
| authenticate using kerberos ID and password but rather must use kinit | |
| for authentication. | |
| </p> | |
| <p> | |
| Please ensure that you have a current kerberos ticket, (e.g. by running `kinit`). If you are using an IT | |
| supported CSB system, everything should be set up to support you. If you are not, please see this | |
| <a href="https://docs.engineering.redhat.com/pages/viewpage.action?pageId=177385684">FAQ</a> | |
| entry on setting up kerberos for assistance. | |
| </p> | |
| <p> | |
| Please note that it is long standing Red Hat policy that if you choose to run your own system instead of | |
| using CSB, you are fully responsible for ensuring that your system is properly configured, and dealing | |
| with any problems that may result from improper configuration yourself. | |
| </p> | |
| </div> | |
| </div> | |
| <p id="footer">Errata System. Copyright © 2007-2023 Red Hat, Inc. All rights reserved.<br/></p> | |
| </div> | |
| </body> | |
| </html> | |
| * Connection #0 to host errata.devel.redhat.com left intact |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment