-
-
Save pszafer/7ab47cd7d4de05f965f4c8e9985af8fa to your computer and use it in GitHub Desktop.
SSSD + Password warning
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
includedir /var/lib/sss/pubconf/krb5.include.d/ | |
[logging] | |
default = FILE:/var/log/krb5libs.log | |
[libdefaults] | |
dns_lookup_realm = true | |
dns_lookup_kdc = true | |
ticket_lifetime = 24h | |
renew_lifetime = 7d | |
forwardable = true | |
rdns = false | |
default_realm = POZNAN.TBHYDRO.NET | |
#### DIR include above | |
[plugins] | |
localauth = { | |
module = sssd:/usr/lib/sssd/modules/sssd_krb5_localauth_plugin.so | |
} | |
[libdefaults] | |
udp_preference_limit = 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# To opt out of the system crypto-policies configuration of krb5, remove the | |
# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated. | |
includedir /etc/krb5.conf.d/ | |
[logging] | |
default = FILE:/var/log/krb5libs.log | |
kdc = FILE:/var/log/krb5kdc.log | |
admin_server = FILE:/var/log/kadmind.log | |
[libdefaults] | |
dns_lookup_realm = false | |
ticket_lifetime = 24h | |
renew_lifetime = 7d | |
forwardable = true | |
rdns = false | |
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt | |
spake_preauth_groups = edwards25519 | |
# default_realm = EXAMPLE.COM | |
default_ccache_name = KEYRING:persistent:%{uid} | |
default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 | |
defaukt_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 | |
permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 | |
allow_weak_crypto = true | |
[realms] | |
# EXAMPLE.COM = { | |
# kdc = kerberos.example.com | |
# admin_server = kerberos.example.com | |
# } | |
[domain_realm] | |
# .example.com = EXAMPLE.COM | |
# example.com = EXAMPLE.COM |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(2021-02-16 10:47:31): [krb5_child[50670]] [main] (0x0400): krb5_child started. | |
(2021-02-16 10:47:31): [krb5_child[50670]] [unpack_buffer] (0x1000): total buffer size: [124] | |
(2021-02-16 10:47:31): [krb5_child[50670]] [unpack_buffer] (0x0100): cmd [241] uid [1175201110] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [user.test@INTERNAL.DOMAIN.TLD] | |
(2021-02-16 10:47:31): [krb5_child[50670]] [unpack_buffer] (0x0100): ccname: [KCM:] old_ccname: [KCM:] keytab: [/etc/krb5.keytab] | |
(2021-02-16 10:47:31): [krb5_child[50670]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 10:47:31): [krb5_child[50670]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 10:47:31): [krb5_child[50670]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-16 10:47:31): [krb5_child[50670]] [k5c_check_old_ccache] (0x4000): Ccache_file is [KCM:] and is not active and TGT is valid. | |
(2021-02-16 10:47:31): [krb5_child[50670]] [k5c_precreate_ccache] (0x4000): Recreating ccache | |
(2021-02-16 10:47:31): [krb5_child[50670]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 10:47:31): [krb5_child[50670]] [become_user] (0x0200): Trying to become user [1175201110][1175200513]. | |
(2021-02-16 10:47:31): [krb5_child[50670]] [main] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 10:47:31): [krb5_child[50670]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 10:47:31): [krb5_child[50670]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 10:47:31): [krb5_child[50670]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 10:47:31): [krb5_child[50670]] [main] (0x0400): Will perform online auth | |
(2021-02-16 10:47:31): [krb5_child[50670]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 10:47:31): [krb5_child[50670]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [INTERNAL.DOMAIN.TLD] | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282530: Getting initial credentials for user.test\@INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282531: Unrecognized enctype name in permitted_enctypes: des-cbc-crc | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282532: Unrecognized enctype name in permitted_enctypes: des-cbc-md5 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282534: Sending unauthenticated request | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282535: Sending request (225 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282536: Sending initial UDP request to dgram 10.8.0.3:88 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282537: Received answer (193 bytes) from dgram 10.8.0.3:88 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282538: Response was from master KDC | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282539: Received error from KDC: -1765328359/Additional pre-authentication required | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282542: Preauthenticating using KDC method data | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282543: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-ETYPE-INFO (11), PA-ETYPE-INFO2 (19), PA-ENC-TIMESTAMP (2) | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282544: Selected etype info: etype rc4-hmac, salt "", params "" | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282545: AS key obtained for encrypted timestamp: rc4-hmac/00AC | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282547: Encrypted timestamp (for 1613468851.849811): plain 301AA011180F32303231303231363039343733315AA10502030CF793, encrypted 6BA3E94A6D3525E6AF2DB7607E001533706326DA7B15538F83BF4F5C50408CE8C4D8BAD352C619DA0E7DF8576093F17BA28BF0CC | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282548: Preauth module encrypted_timestamp (2) (real) returned: 0/Success | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282549: Produced preauth for next request: PA-ENC-TIMESTAMP (2) | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282550: Sending request (301 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282551: Sending initial UDP request to dgram 10.8.0.3:88 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282552: Received answer (108 bytes) from dgram 10.8.0.3:88 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282553: Response was from master KDC | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282554: Received error from KDC: -1765328332/Response too big for UDP, retry with TCP | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282555: Request or response is too big for UDP; retrying with TCP | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282556: Sending request (301 bytes) to INTERNAL.DOMAIN.TLD (tcp only) | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282557: Initiating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282558: Sending TCP request to stream 10.8.0.3:88 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282559: Received answer (1656 bytes) from stream 10.8.0.3:88 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282560: Terminating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282561: Response was from master KDC | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282562: Salt derived from principal: INTERNAL.DOMAIN.TLDuser.test | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282563: AS key determined by preauth: rc4-hmac/00AC | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282564: Decrypted AS reply; session key is: rc4-hmac/A4C0 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282565: FAST negotiation: unavailable | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_krb5_expire_callback_func] (0x2000): exp_time: [375772] | |
(2021-02-16 10:47:31): [krb5_child[50670]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282566: Retrieving TBHTESTCENT$@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282567: Resolving unique ccache of type MEMORY | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282568: Initializing MEMORY:QuXX3A5 with default princ user.test@INTERNAL.DOMAIN.TLD | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282569: Storing user.test@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD in MEMORY:QuXX3A5 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282570: Getting credentials user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD using ccache MEMORY:QuXX3A5 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282571: Unrecognized enctype name in default_tgs_enctypes: des-cbc-crc | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282572: Unrecognized enctype name in default_tgs_enctypes: des-cbc-md5 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282573: Retrieving user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD from MEMORY:QuXX3A5 with result: -1765328243/Matching credential not found | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282574: Unrecognized enctype name in default_tgs_enctypes: des-cbc-crc | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282575: Unrecognized enctype name in default_tgs_enctypes: des-cbc-md5 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282576: Retrieving user.test@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD from MEMORY:QuXX3A5 with result: 0/Success | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282577: Starting with TGT for client realm: user.test@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282578: Requesting tickets for TBHTESTCENT$@INTERNAL.DOMAIN.TLD, referrals on | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282579: Generated subkey for TGS request: rc4-hmac/4E83 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282580: Unrecognized enctype name in default_tgs_enctypes: des-cbc-crc | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282581: Unrecognized enctype name in default_tgs_enctypes: des-cbc-md5 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282582: etypes requested in TGS request: rc4-hmac | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282584: Encoding request body and padata into FAST request | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282585: Sending request (1792 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282586: Initiating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282587: Sending TCP request to stream 10.8.0.3:88 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282588: Received answer (1837 bytes) from stream 10.8.0.3:88 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282589: Terminating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282590: Response was from master KDC | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282591: Decoding FAST response | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282592: FAST reply key: rc4-hmac/5964 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282593: TGS reply is for user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD with session key rc4-hmac/08C9 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282594: TGS request result: 0/Success | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282595: Received creds for desired service TBHTESTCENT$@INTERNAL.DOMAIN.TLD | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282596: Storing user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD in MEMORY:QuXX3A5 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282597: Creating authenticator for user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD, seqnum 0, subkey (null), session key rc4-hmac/08C9 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282599: Retrieving TBHTESTCENT$@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 2, enctype rc4-hmac) with result: 0/Success | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282600: Unrecognized enctype name in permitted_enctypes: des-cbc-crc | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282601: Unrecognized enctype name in permitted_enctypes: des-cbc-md5 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282602: Decrypted AP-REQ with specified server principal TBHTESTCENT$@INTERNAL.DOMAIN.TLD: rc4-hmac/6133 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282603: AP-REQ ticket: user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD, session key rc4-hmac/08C9 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282604: Unrecognized enctype name in permitted_enctypes: des-cbc-crc | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282605: Unrecognized enctype name in permitted_enctypes: des-cbc-md5 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282606: Negotiated enctype based on authenticator: rc4-hmac | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282607: Initializing MEMORY:rd_req2 with default princ user.test@INTERNAL.DOMAIN.TLD | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282608: Storing user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD in MEMORY:rd_req2 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282609: Destroying ccache MEMORY:QuXX3A5 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [validate_tgt] (0x0400): TGT verified using key for [TBHTESTCENT$@INTERNAL.DOMAIN.TLD]. | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282610: Retrieving user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD from MEMORY:rd_req2 with result: 0/Success | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282611: Unrecognized enctype name in permitted_enctypes: des-cbc-crc | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282612: Unrecognized enctype name in permitted_enctypes: des-cbc-md5 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282613: Retrieving TBHTESTCENT$@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 2, enctype rc4-hmac) with result: 0/Success | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 10:47:31): [krb5_child[50670]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user.test\@INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD] might not be correct. | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_child_krb5_trace_cb] (0x4000): [50670] 1613468851.282614: Destroying ccache MEMORY:rd_req2 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [get_and_save_tgt] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_get_ccache_name_for_principal] (0x4000): Location: [KCM:] | |
(2021-02-16 10:47:31): [krb5_child[50670]] [sss_get_ccache_name_for_principal] (0x4000): tmp_ccname: [KCM:1175201110:22573] | |
(2021-02-16 10:47:31): [krb5_child[50670]] [create_ccache] (0x4000): Initializing ccache of type [KCM] | |
(2021-02-16 10:47:31): [krb5_child[50670]] [create_ccache] (0x4000): CC supports switch | |
(2021-02-16 10:47:31): [krb5_child[50670]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [safe_remove_old_ccache_file] (0x0400): New and old ccache file are the same, none will be deleted. | |
(2021-02-16 10:47:31): [krb5_child[50670]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 10:47:31): [krb5_child[50670]] [pack_response_packet] (0x2000): response packet size: [128] | |
(2021-02-16 10:47:31): [krb5_child[50670]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 10:47:31): [krb5_child[50670]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-16 11:03:06): [krb5_child[51007]] [main] (0x0400): krb5_child started. | |
(2021-02-16 11:03:06): [krb5_child[51007]] [unpack_buffer] (0x1000): total buffer size: [124] | |
(2021-02-16 11:03:06): [krb5_child[51007]] [unpack_buffer] (0x0100): cmd [241] uid [1175201110] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [user.test@INTERNAL.DOMAIN.TLD] | |
(2021-02-16 11:03:06): [krb5_child[51007]] [unpack_buffer] (0x0100): ccname: [KCM:] old_ccname: [KCM:] keytab: [/etc/krb5.keytab] | |
(2021-02-16 11:03:06): [krb5_child[51007]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 11:03:06): [krb5_child[51007]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 11:03:06): [krb5_child[51007]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-16 11:03:06): [krb5_child[51007]] [k5c_check_old_ccache] (0x4000): Ccache_file is [KCM:] and is not active and TGT is valid. | |
(2021-02-16 11:03:06): [krb5_child[51007]] [k5c_precreate_ccache] (0x4000): Recreating ccache | |
(2021-02-16 11:03:06): [krb5_child[51007]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 11:03:06): [krb5_child[51007]] [become_user] (0x0200): Trying to become user [1175201110][1175200513]. | |
(2021-02-16 11:03:06): [krb5_child[51007]] [main] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 11:03:06): [krb5_child[51007]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 11:03:06): [krb5_child[51007]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 11:03:06): [krb5_child[51007]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 11:03:06): [krb5_child[51007]] [main] (0x0400): Will perform online auth | |
(2021-02-16 11:03:06): [krb5_child[51007]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 11:03:06): [krb5_child[51007]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [INTERNAL.DOMAIN.TLD] | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624226: Getting initial credentials for user.test\@INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624227: Unrecognized enctype name in permitted_enctypes: des-cbc-crc | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624228: Unrecognized enctype name in permitted_enctypes: des-cbc-md5 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624230: Sending unauthenticated request | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624231: Sending request (225 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624232: Sending initial UDP request to dgram 10.8.0.3:88 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624233: Received answer (193 bytes) from dgram 10.8.0.3:88 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624234: Response was from master KDC | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624235: Received error from KDC: -1765328359/Additional pre-authentication required | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624238: Preauthenticating using KDC method data | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624239: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-ETYPE-INFO (11), PA-ETYPE-INFO2 (19), PA-ENC-TIMESTAMP (2) | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624240: Selected etype info: etype rc4-hmac, salt "", params "" | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624241: AS key obtained for encrypted timestamp: rc4-hmac/00AC | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624243: Encrypted timestamp (for 1613469786.172686): plain 301AA011180F32303231303231363130303330365AA105020302A28E, encrypted 66A928A6AAD0988CE10EEC2863D74EDAD797DD7C2E3B0EA10407CB9EB8EC980CC6CE8728BB8F5174096372A47D96946B8526F8DC | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624244: Preauth module encrypted_timestamp (2) (real) returned: 0/Success | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624245: Produced preauth for next request: PA-ENC-TIMESTAMP (2) | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624246: Sending request (301 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624247: Sending initial UDP request to dgram 10.8.0.3:88 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624248: Received answer (108 bytes) from dgram 10.8.0.3:88 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624249: Response was from master KDC | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624250: Received error from KDC: -1765328332/Response too big for UDP, retry with TCP | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624251: Request or response is too big for UDP; retrying with TCP | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624252: Sending request (301 bytes) to INTERNAL.DOMAIN.TLD (tcp only) | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624253: Initiating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624254: Sending TCP request to stream 10.8.0.3:88 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624255: Received answer (1656 bytes) from stream 10.8.0.3:88 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624256: Terminating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624257: Response was from master KDC | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624258: Salt derived from principal: INTERNAL.DOMAIN.TLDuser.test | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624259: AS key determined by preauth: rc4-hmac/00AC | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624260: Decrypted AS reply; session key is: rc4-hmac/7B68 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624261: FAST negotiation: unavailable | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_krb5_expire_callback_func] (0x2000): exp_time: [374837] | |
(2021-02-16 11:03:06): [krb5_child[51007]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624262: Retrieving TBHTESTCENT$@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624263: Resolving unique ccache of type MEMORY | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624264: Initializing MEMORY:AvKn1yE with default princ user.test@INTERNAL.DOMAIN.TLD | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624265: Storing user.test@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD in MEMORY:AvKn1yE | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624266: Getting credentials user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD using ccache MEMORY:AvKn1yE | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624267: Unrecognized enctype name in default_tgs_enctypes: des-cbc-crc | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624268: Unrecognized enctype name in default_tgs_enctypes: des-cbc-md5 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624269: Retrieving user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD from MEMORY:AvKn1yE with result: -1765328243/Matching credential not found | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624270: Unrecognized enctype name in default_tgs_enctypes: des-cbc-crc | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624271: Unrecognized enctype name in default_tgs_enctypes: des-cbc-md5 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624272: Retrieving user.test@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD from MEMORY:AvKn1yE with result: 0/Success | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624273: Starting with TGT for client realm: user.test@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624274: Requesting tickets for TBHTESTCENT$@INTERNAL.DOMAIN.TLD, referrals on | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624275: Generated subkey for TGS request: rc4-hmac/C1E1 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624276: Unrecognized enctype name in default_tgs_enctypes: des-cbc-crc | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624277: Unrecognized enctype name in default_tgs_enctypes: des-cbc-md5 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624278: etypes requested in TGS request: rc4-hmac | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624280: Encoding request body and padata into FAST request | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624281: Sending request (1792 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624282: Initiating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624283: Sending TCP request to stream 10.8.0.3:88 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624284: Received answer (1837 bytes) from stream 10.8.0.3:88 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624285: Terminating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624286: Response was from master KDC | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624287: Decoding FAST response | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624288: FAST reply key: rc4-hmac/EF7D | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624289: TGS reply is for user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD with session key rc4-hmac/D6B0 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624290: TGS request result: 0/Success | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624291: Received creds for desired service TBHTESTCENT$@INTERNAL.DOMAIN.TLD | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624292: Storing user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD in MEMORY:AvKn1yE | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624293: Creating authenticator for user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD, seqnum 0, subkey (null), session key rc4-hmac/D6B0 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624295: Retrieving TBHTESTCENT$@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 2, enctype rc4-hmac) with result: 0/Success | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624296: Unrecognized enctype name in permitted_enctypes: des-cbc-crc | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624297: Unrecognized enctype name in permitted_enctypes: des-cbc-md5 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624298: Decrypted AP-REQ with specified server principal TBHTESTCENT$@INTERNAL.DOMAIN.TLD: rc4-hmac/6133 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624299: AP-REQ ticket: user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD, session key rc4-hmac/D6B0 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624300: Unrecognized enctype name in permitted_enctypes: des-cbc-crc | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624301: Unrecognized enctype name in permitted_enctypes: des-cbc-md5 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624302: Negotiated enctype based on authenticator: rc4-hmac | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624303: Initializing MEMORY:rd_req2 with default princ user.test@INTERNAL.DOMAIN.TLD | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624304: Storing user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD in MEMORY:rd_req2 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624305: Destroying ccache MEMORY:AvKn1yE | |
(2021-02-16 11:03:06): [krb5_child[51007]] [validate_tgt] (0x0400): TGT verified using key for [TBHTESTCENT$@INTERNAL.DOMAIN.TLD]. | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624306: Retrieving user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD from MEMORY:rd_req2 with result: 0/Success | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624307: Unrecognized enctype name in permitted_enctypes: des-cbc-crc | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624308: Unrecognized enctype name in permitted_enctypes: des-cbc-md5 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624309: Retrieving TBHTESTCENT$@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 2, enctype rc4-hmac) with result: 0/Success | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 11:03:06): [krb5_child[51007]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user.test\@INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD] might not be correct. | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_child_krb5_trace_cb] (0x4000): [51007] 1613469786.624310: Destroying ccache MEMORY:rd_req2 | |
(2021-02-16 11:03:06): [krb5_child[51007]] [get_and_save_tgt] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_get_ccache_name_for_principal] (0x4000): Location: [KCM:] | |
(2021-02-16 11:03:06): [krb5_child[51007]] [sss_get_ccache_name_for_principal] (0x4000): tmp_ccname: [KCM:1175201110:22573] | |
(2021-02-16 11:03:06): [krb5_child[51007]] [create_ccache] (0x4000): Initializing ccache of type [KCM] | |
(2021-02-16 11:03:06): [krb5_child[51007]] [create_ccache] (0x4000): CC supports switch | |
(2021-02-16 11:03:07): [krb5_child[51007]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 11:03:07): [krb5_child[51007]] [safe_remove_old_ccache_file] (0x0400): New and old ccache file are the same, none will be deleted. | |
(2021-02-16 11:03:07): [krb5_child[51007]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 11:03:07): [krb5_child[51007]] [pack_response_packet] (0x2000): response packet size: [128] | |
(2021-02-16 11:03:07): [krb5_child[51007]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 11:03:07): [krb5_child[51007]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-16 11:03:45): [krb5_child[51199]] [main] (0x0400): krb5_child started. | |
(2021-02-16 11:03:45): [krb5_child[51199]] [unpack_buffer] (0x1000): total buffer size: [124] | |
(2021-02-16 11:03:45): [krb5_child[51199]] [unpack_buffer] (0x0100): cmd [241] uid [1175201110] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [user.test@INTERNAL.DOMAIN.TLD] | |
(2021-02-16 11:03:45): [krb5_child[51199]] [unpack_buffer] (0x0100): ccname: [KCM:] old_ccname: [KCM:] keytab: [/etc/krb5.keytab] | |
(2021-02-16 11:03:45): [krb5_child[51199]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 11:03:45): [krb5_child[51199]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 11:03:45): [krb5_child[51199]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-16 11:03:45): [krb5_child[51199]] [k5c_check_old_ccache] (0x4000): Ccache_file is [KCM:] and is not active and TGT is valid. | |
(2021-02-16 11:03:45): [krb5_child[51199]] [k5c_precreate_ccache] (0x4000): Recreating ccache | |
(2021-02-16 11:03:45): [krb5_child[51199]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 11:03:45): [krb5_child[51199]] [become_user] (0x0200): Trying to become user [1175201110][1175200513]. | |
(2021-02-16 11:03:45): [krb5_child[51199]] [main] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 11:03:45): [krb5_child[51199]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 11:03:45): [krb5_child[51199]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 11:03:45): [krb5_child[51199]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 11:03:45): [krb5_child[51199]] [main] (0x0400): Will perform online auth | |
(2021-02-16 11:03:45): [krb5_child[51199]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 11:03:45): [krb5_child[51199]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [INTERNAL.DOMAIN.TLD] | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574867: Getting initial credentials for user.test\@INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574868: Unrecognized enctype name in permitted_enctypes: des-cbc-crc | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574869: Unrecognized enctype name in permitted_enctypes: des-cbc-md5 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574871: Sending unauthenticated request | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574872: Sending request (225 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574873: Sending initial UDP request to dgram 10.8.0.3:88 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574874: Received answer (193 bytes) from dgram 10.8.0.3:88 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574875: Response was from master KDC | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574876: Received error from KDC: -1765328359/Additional pre-authentication required | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574879: Preauthenticating using KDC method data | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574880: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-ETYPE-INFO (11), PA-ETYPE-INFO2 (19), PA-ENC-TIMESTAMP (2) | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574881: Selected etype info: etype rc4-hmac, salt "", params "" | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574882: AS key obtained for encrypted timestamp: rc4-hmac/00AC | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574884: Encrypted timestamp (for 1613469825.614069): plain 301AA011180F32303231303231363130303334355AA1050203095EB5, encrypted 3573C77FEE91C22C37FE3D21AF88FC223ABB1BB4244304BEC8E0BBF38AAF5D6A4C72CF6BE4F05DE60B3C433963D69416F183D542 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574885: Preauth module encrypted_timestamp (2) (real) returned: 0/Success | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574886: Produced preauth for next request: PA-ENC-TIMESTAMP (2) | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574887: Sending request (301 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574888: Sending initial UDP request to dgram 10.8.0.3:88 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574889: Received answer (108 bytes) from dgram 10.8.0.3:88 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574890: Response was from master KDC | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574891: Received error from KDC: -1765328332/Response too big for UDP, retry with TCP | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574892: Request or response is too big for UDP; retrying with TCP | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574893: Sending request (301 bytes) to INTERNAL.DOMAIN.TLD (tcp only) | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574894: Initiating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574895: Sending TCP request to stream 10.8.0.3:88 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574896: Received answer (1656 bytes) from stream 10.8.0.3:88 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574897: Terminating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574898: Response was from master KDC | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574899: Salt derived from principal: INTERNAL.DOMAIN.TLDuser.test | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574900: AS key determined by preauth: rc4-hmac/00AC | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574901: Decrypted AS reply; session key is: rc4-hmac/343F | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574902: FAST negotiation: unavailable | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_krb5_expire_callback_func] (0x2000): exp_time: [374798] | |
(2021-02-16 11:03:45): [krb5_child[51199]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574903: Retrieving TBHTESTCENT$@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574904: Resolving unique ccache of type MEMORY | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574905: Initializing MEMORY:KIAaJt3 with default princ user.test@INTERNAL.DOMAIN.TLD | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574906: Storing user.test@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD in MEMORY:KIAaJt3 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574907: Getting credentials user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD using ccache MEMORY:KIAaJt3 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574908: Unrecognized enctype name in default_tgs_enctypes: des-cbc-crc | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574909: Unrecognized enctype name in default_tgs_enctypes: des-cbc-md5 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574910: Retrieving user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD from MEMORY:KIAaJt3 with result: -1765328243/Matching credential not found | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574911: Unrecognized enctype name in default_tgs_enctypes: des-cbc-crc | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574912: Unrecognized enctype name in default_tgs_enctypes: des-cbc-md5 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574913: Retrieving user.test@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD from MEMORY:KIAaJt3 with result: 0/Success | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574914: Starting with TGT for client realm: user.test@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574915: Requesting tickets for TBHTESTCENT$@INTERNAL.DOMAIN.TLD, referrals on | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574916: Generated subkey for TGS request: rc4-hmac/47F0 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574917: Unrecognized enctype name in default_tgs_enctypes: des-cbc-crc | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574918: Unrecognized enctype name in default_tgs_enctypes: des-cbc-md5 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574919: etypes requested in TGS request: rc4-hmac | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574921: Encoding request body and padata into FAST request | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574922: Sending request (1792 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574923: Initiating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574924: Sending TCP request to stream 10.8.0.3:88 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574925: Received answer (1837 bytes) from stream 10.8.0.3:88 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574926: Terminating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574927: Response was from master KDC | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574928: Decoding FAST response | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574929: FAST reply key: rc4-hmac/A975 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574930: TGS reply is for user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD with session key rc4-hmac/87BF | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574931: TGS request result: 0/Success | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574932: Received creds for desired service TBHTESTCENT$@INTERNAL.DOMAIN.TLD | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574933: Storing user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD in MEMORY:KIAaJt3 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574934: Creating authenticator for user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD, seqnum 0, subkey (null), session key rc4-hmac/87BF | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574936: Retrieving TBHTESTCENT$@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 2, enctype rc4-hmac) with result: 0/Success | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574937: Unrecognized enctype name in permitted_enctypes: des-cbc-crc | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574938: Unrecognized enctype name in permitted_enctypes: des-cbc-md5 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574939: Decrypted AP-REQ with specified server principal TBHTESTCENT$@INTERNAL.DOMAIN.TLD: rc4-hmac/6133 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574940: AP-REQ ticket: user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD, session key rc4-hmac/87BF | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574941: Unrecognized enctype name in permitted_enctypes: des-cbc-crc | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574942: Unrecognized enctype name in permitted_enctypes: des-cbc-md5 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574943: Negotiated enctype based on authenticator: rc4-hmac | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574944: Initializing MEMORY:rd_req2 with default princ user.test@INTERNAL.DOMAIN.TLD | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574945: Storing user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD in MEMORY:rd_req2 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574946: Destroying ccache MEMORY:KIAaJt3 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [validate_tgt] (0x0400): TGT verified using key for [TBHTESTCENT$@INTERNAL.DOMAIN.TLD]. | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574947: Retrieving user.test@INTERNAL.DOMAIN.TLD -> TBHTESTCENT$@INTERNAL.DOMAIN.TLD from MEMORY:rd_req2 with result: 0/Success | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574948: Unrecognized enctype name in permitted_enctypes: des-cbc-crc | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574949: Unrecognized enctype name in permitted_enctypes: des-cbc-md5 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574950: Retrieving TBHTESTCENT$@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 2, enctype rc4-hmac) with result: 0/Success | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 11:03:45): [krb5_child[51199]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user.test\@INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD] might not be correct. | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_child_krb5_trace_cb] (0x4000): [51199] 1613469825.574951: Destroying ccache MEMORY:rd_req2 | |
(2021-02-16 11:03:45): [krb5_child[51199]] [get_and_save_tgt] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_get_ccache_name_for_principal] (0x4000): Location: [KCM:] | |
(2021-02-16 11:03:45): [krb5_child[51199]] [sss_get_ccache_name_for_principal] (0x4000): tmp_ccname: [KCM:1175201110:22573] | |
(2021-02-16 11:03:45): [krb5_child[51199]] [create_ccache] (0x4000): Initializing ccache of type [KCM] | |
(2021-02-16 11:03:45): [krb5_child[51199]] [create_ccache] (0x4000): CC supports switch | |
(2021-02-16 11:03:46): [krb5_child[51199]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 11:03:46): [krb5_child[51199]] [safe_remove_old_ccache_file] (0x0400): New and old ccache file are the same, none will be deleted. | |
(2021-02-16 11:03:46): [krb5_child[51199]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 11:03:46): [krb5_child[51199]] [pack_response_packet] (0x2000): response packet size: [128] | |
(2021-02-16 11:03:46): [krb5_child[51199]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 11:03:46): [krb5_child[51199]] [main] (0x0400): krb5_child completed successfully |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(2021-02-16 10:40:50): [krb5_child[200363]] [main] (0x0400): krb5_child started. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [unpack_buffer] (0x1000): total buffer size: [184] | |
(2021-02-16 10:40:50): [krb5_child[200363]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175201110] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [user.test@internal.domain.tld] | |
(2021-02-16 10:40:50): [krb5_child[200363]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175201110_XXXXXX] old_ccname: [FILE:/tmp/krb5cc_1175201110_3p3VpZ] keytab: [/etc/krb5.keytab] | |
(2021-02-16 10:40:50): [krb5_child[200363]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1175201110_3p3VpZ] and is not active and TGT is valid. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [k5c_precreate_ccache] (0x4000): Recreating ccache | |
(2021-02-16 10:40:50): [krb5_child[200363]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 10:40:50): [krb5_child[200363]] [become_user] (0x0200): Trying to become user [1175201110][1175200513]. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [main] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available | |
(2021-02-16 10:40:50): [krb5_child[200363]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 10:40:50): [krb5_child[200363]] [main] (0x0400): Will perform auth | |
(2021-02-16 10:40:50): [krb5_child[200363]] [main] (0x0400): Will perform online auth | |
(2021-02-16 10:40:50): [krb5_child[200363]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 10:40:50): [krb5_child[200363]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [internal.domain.tld] | |
(2021-02-16 10:40:50): [krb5_child[200363]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [validate_tgt] (0x0400): TGT verified using key for [restrictedkrbhost/tbh107.internal.domain.tld@internal.domain.tld]. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user.test\@internal.domain.tld@internal.domain.tld] might not be correct. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [get_and_save_tgt] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [sss_get_ccache_name_for_principal] (0x4000): Location: [FILE:/tmp/krb5cc_1175201110_XXXXXX] | |
(2021-02-16 10:40:50): [krb5_child[200363]] [sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal user.test@internal.domain.tld in cache collection] | |
(2021-02-16 10:40:50): [krb5_child[200363]] [create_ccache] (0x4000): Initializing ccache of type [FILE] | |
(2021-02-16 10:40:50): [krb5_child[200363]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 10:40:50): [krb5_child[200363]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [switch_creds] (0x0200): Already user [1175201110]. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 10:40:50): [krb5_child[200363]] [pack_response_packet] (0x2000): response packet size: [142] | |
(2021-02-16 10:40:50): [krb5_child[200363]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 10:40:50): [krb5_child[200363]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-16 10:58:24): [krb5_child[211669]] [main] (0x0400): krb5_child started. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [unpack_buffer] (0x1000): total buffer size: [184] | |
(2021-02-16 10:58:24): [krb5_child[211669]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175201110] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [user.test@internal.domain.tld] | |
(2021-02-16 10:58:24): [krb5_child[211669]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175201110_XXXXXX] old_ccname: [FILE:/tmp/krb5cc_1175201110_bM663v] keytab: [/etc/krb5.keytab] | |
(2021-02-16 10:58:24): [krb5_child[211669]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1175201110_bM663v] and is not active and TGT is valid. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [k5c_precreate_ccache] (0x4000): Recreating ccache | |
(2021-02-16 10:58:24): [krb5_child[211669]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 10:58:24): [krb5_child[211669]] [become_user] (0x0200): Trying to become user [1175201110][1175200513]. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [main] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available | |
(2021-02-16 10:58:24): [krb5_child[211669]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 10:58:24): [krb5_child[211669]] [main] (0x0400): Will perform auth | |
(2021-02-16 10:58:24): [krb5_child[211669]] [main] (0x0400): Will perform online auth | |
(2021-02-16 10:58:24): [krb5_child[211669]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 10:58:24): [krb5_child[211669]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [internal.domain.tld] | |
(2021-02-16 10:58:24): [krb5_child[211669]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [validate_tgt] (0x0400): TGT verified using key for [restrictedkrbhost/tbh107.internal.domain.tld@internal.domain.tld]. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user.test\@internal.domain.tld@internal.domain.tld] might not be correct. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [get_and_save_tgt] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [sss_get_ccache_name_for_principal] (0x4000): Location: [FILE:/tmp/krb5cc_1175201110_XXXXXX] | |
(2021-02-16 10:58:24): [krb5_child[211669]] [sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal user.test@internal.domain.tld in cache collection] | |
(2021-02-16 10:58:24): [krb5_child[211669]] [create_ccache] (0x4000): Initializing ccache of type [FILE] | |
(2021-02-16 10:58:24): [krb5_child[211669]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 10:58:24): [krb5_child[211669]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [switch_creds] (0x0200): Already user [1175201110]. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 10:58:24): [krb5_child[211669]] [pack_response_packet] (0x2000): response packet size: [142] | |
(2021-02-16 10:58:24): [krb5_child[211669]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 10:58:24): [krb5_child[211669]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-16 10:58:38): [krb5_child[211835]] [main] (0x0400): krb5_child started. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [unpack_buffer] (0x1000): total buffer size: [184] | |
(2021-02-16 10:58:38): [krb5_child[211835]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175201110] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [user.test@internal.domain.tld] | |
(2021-02-16 10:58:38): [krb5_child[211835]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175201110_XXXXXX] old_ccname: [FILE:/tmp/krb5cc_1175201110_tXazid] keytab: [/etc/krb5.keytab] | |
(2021-02-16 10:58:38): [krb5_child[211835]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1175201110_tXazid] and is not active and TGT is valid. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [k5c_precreate_ccache] (0x4000): Recreating ccache | |
(2021-02-16 10:58:38): [krb5_child[211835]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 10:58:38): [krb5_child[211835]] [become_user] (0x0200): Trying to become user [1175201110][1175200513]. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [main] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available | |
(2021-02-16 10:58:38): [krb5_child[211835]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 10:58:38): [krb5_child[211835]] [main] (0x0400): Will perform auth | |
(2021-02-16 10:58:38): [krb5_child[211835]] [main] (0x0400): Will perform online auth | |
(2021-02-16 10:58:38): [krb5_child[211835]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 10:58:38): [krb5_child[211835]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [internal.domain.tld] | |
(2021-02-16 10:58:38): [krb5_child[211835]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [validate_tgt] (0x0400): TGT verified using key for [restrictedkrbhost/tbh107.internal.domain.tld@internal.domain.tld]. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user.test\@internal.domain.tld@internal.domain.tld] might not be correct. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [get_and_save_tgt] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [sss_get_ccache_name_for_principal] (0x4000): Location: [FILE:/tmp/krb5cc_1175201110_XXXXXX] | |
(2021-02-16 10:58:38): [krb5_child[211835]] [sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal user.test@internal.domain.tld in cache collection] | |
(2021-02-16 10:58:38): [krb5_child[211835]] [create_ccache] (0x4000): Initializing ccache of type [FILE] | |
(2021-02-16 10:58:38): [krb5_child[211835]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 10:58:38): [krb5_child[211835]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [switch_creds] (0x0200): Already user [1175201110]. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 10:58:38): [krb5_child[211835]] [pack_response_packet] (0x2000): response packet size: [142] | |
(2021-02-16 10:58:38): [krb5_child[211835]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 10:58:38): [krb5_child[211835]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-16 10:58:56): [krb5_child[212012]] [main] (0x0400): krb5_child started. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [unpack_buffer] (0x1000): total buffer size: [184] | |
(2021-02-16 10:58:56): [krb5_child[212012]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175201110] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [user.test@internal.domain.tld] | |
(2021-02-16 10:58:56): [krb5_child[212012]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175201110_XXXXXX] old_ccname: [FILE:/tmp/krb5cc_1175201110_PwHJv4] keytab: [/etc/krb5.keytab] | |
(2021-02-16 10:58:56): [krb5_child[212012]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1175201110_PwHJv4] and is not active and TGT is valid. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [k5c_precreate_ccache] (0x4000): Recreating ccache | |
(2021-02-16 10:58:56): [krb5_child[212012]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 10:58:56): [krb5_child[212012]] [become_user] (0x0200): Trying to become user [1175201110][1175200513]. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [main] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available | |
(2021-02-16 10:58:56): [krb5_child[212012]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 10:58:56): [krb5_child[212012]] [main] (0x0400): Will perform auth | |
(2021-02-16 10:58:56): [krb5_child[212012]] [main] (0x0400): Will perform online auth | |
(2021-02-16 10:58:56): [krb5_child[212012]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 10:58:56): [krb5_child[212012]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [internal.domain.tld] | |
(2021-02-16 10:58:56): [krb5_child[212012]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [validate_tgt] (0x0400): TGT verified using key for [restrictedkrbhost/tbh107.internal.domain.tld@internal.domain.tld]. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user.test\@internal.domain.tld@internal.domain.tld] might not be correct. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [get_and_save_tgt] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [sss_get_ccache_name_for_principal] (0x4000): Location: [FILE:/tmp/krb5cc_1175201110_XXXXXX] | |
(2021-02-16 10:58:56): [krb5_child[212012]] [sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal user.test@internal.domain.tld in cache collection] | |
(2021-02-16 10:58:56): [krb5_child[212012]] [create_ccache] (0x4000): Initializing ccache of type [FILE] | |
(2021-02-16 10:58:56): [krb5_child[212012]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 10:58:56): [krb5_child[212012]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [switch_creds] (0x0200): Already user [1175201110]. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 10:58:56): [krb5_child[212012]] [pack_response_packet] (0x2000): response packet size: [142] | |
(2021-02-16 10:58:56): [krb5_child[212012]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 10:58:56): [krb5_child[212012]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-16 10:59:28): [krb5_child[212365]] [main] (0x0400): krb5_child started. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [unpack_buffer] (0x1000): total buffer size: [184] | |
(2021-02-16 10:59:28): [krb5_child[212365]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175201110] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [user.test@internal.domain.tld] | |
(2021-02-16 10:59:28): [krb5_child[212365]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175201110_XXXXXX] old_ccname: [FILE:/tmp/krb5cc_1175201110_HyX4KM] keytab: [/etc/krb5.keytab] | |
(2021-02-16 10:59:28): [krb5_child[212365]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1175201110_HyX4KM] and is not active and TGT is valid. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [k5c_precreate_ccache] (0x4000): Recreating ccache | |
(2021-02-16 10:59:28): [krb5_child[212365]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 10:59:28): [krb5_child[212365]] [become_user] (0x0200): Trying to become user [1175201110][1175200513]. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [main] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available | |
(2021-02-16 10:59:28): [krb5_child[212365]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 10:59:28): [krb5_child[212365]] [main] (0x0400): Will perform auth | |
(2021-02-16 10:59:28): [krb5_child[212365]] [main] (0x0400): Will perform online auth | |
(2021-02-16 10:59:28): [krb5_child[212365]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 10:59:28): [krb5_child[212365]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [internal.domain.tld] | |
(2021-02-16 10:59:28): [krb5_child[212365]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [validate_tgt] (0x0400): TGT verified using key for [restrictedkrbhost/tbh107.internal.domain.tld@internal.domain.tld]. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user.test\@internal.domain.tld@internal.domain.tld] might not be correct. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [get_and_save_tgt] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [sss_get_ccache_name_for_principal] (0x4000): Location: [FILE:/tmp/krb5cc_1175201110_XXXXXX] | |
(2021-02-16 10:59:28): [krb5_child[212365]] [sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal user.test@internal.domain.tld in cache collection] | |
(2021-02-16 10:59:28): [krb5_child[212365]] [create_ccache] (0x4000): Initializing ccache of type [FILE] | |
(2021-02-16 10:59:28): [krb5_child[212365]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 10:59:28): [krb5_child[212365]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [switch_creds] (0x0200): Already user [1175201110]. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 10:59:28): [krb5_child[212365]] [pack_response_packet] (0x2000): response packet size: [142] | |
(2021-02-16 10:59:28): [krb5_child[212365]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 10:59:28): [krb5_child[212365]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-16 11:00:07): [krb5_child[212785]] [main] (0x0400): krb5_child started. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [unpack_buffer] (0x1000): total buffer size: [184] | |
(2021-02-16 11:00:07): [krb5_child[212785]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175201110] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [user.test@internal.domain.tld] | |
(2021-02-16 11:00:07): [krb5_child[212785]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175201110_XXXXXX] old_ccname: [FILE:/tmp/krb5cc_1175201110_UYbkhv] keytab: [/etc/krb5.keytab] | |
(2021-02-16 11:00:07): [krb5_child[212785]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1175201110_UYbkhv] and is not active and TGT is valid. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [k5c_precreate_ccache] (0x4000): Recreating ccache | |
(2021-02-16 11:00:07): [krb5_child[212785]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 11:00:07): [krb5_child[212785]] [become_user] (0x0200): Trying to become user [1175201110][1175200513]. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [main] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available | |
(2021-02-16 11:00:07): [krb5_child[212785]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 11:00:07): [krb5_child[212785]] [main] (0x0400): Will perform auth | |
(2021-02-16 11:00:07): [krb5_child[212785]] [main] (0x0400): Will perform online auth | |
(2021-02-16 11:00:07): [krb5_child[212785]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 11:00:07): [krb5_child[212785]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [internal.domain.tld] | |
(2021-02-16 11:00:07): [krb5_child[212785]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [validate_tgt] (0x0400): TGT verified using key for [restrictedkrbhost/tbh107.internal.domain.tld@internal.domain.tld]. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user.test\@internal.domain.tld@internal.domain.tld] might not be correct. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [get_and_save_tgt] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [sss_get_ccache_name_for_principal] (0x4000): Location: [FILE:/tmp/krb5cc_1175201110_XXXXXX] | |
(2021-02-16 11:00:07): [krb5_child[212785]] [sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal user.test@internal.domain.tld in cache collection] | |
(2021-02-16 11:00:07): [krb5_child[212785]] [create_ccache] (0x4000): Initializing ccache of type [FILE] | |
(2021-02-16 11:00:07): [krb5_child[212785]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 11:00:07): [krb5_child[212785]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [switch_creds] (0x0200): Already user [1175201110]. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 11:00:07): [krb5_child[212785]] [pack_response_packet] (0x2000): response packet size: [142] | |
(2021-02-16 11:00:07): [krb5_child[212785]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 11:00:07): [krb5_child[212785]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-16 11:00:22): [krb5_child[212963]] [main] (0x0400): krb5_child started. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [unpack_buffer] (0x1000): total buffer size: [184] | |
(2021-02-16 11:00:22): [krb5_child[212963]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175201110] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [user.test@internal.domain.tld] | |
(2021-02-16 11:00:22): [krb5_child[212963]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175201110_XXXXXX] old_ccname: [FILE:/tmp/krb5cc_1175201110_T4mngK] keytab: [/etc/krb5.keytab] | |
(2021-02-16 11:00:22): [krb5_child[212963]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1175201110_T4mngK] and is not active and TGT is valid. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [k5c_precreate_ccache] (0x4000): Recreating ccache | |
(2021-02-16 11:00:22): [krb5_child[212963]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 11:00:22): [krb5_child[212963]] [become_user] (0x0200): Trying to become user [1175201110][1175200513]. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [main] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available | |
(2021-02-16 11:00:22): [krb5_child[212963]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 11:00:22): [krb5_child[212963]] [main] (0x0400): Will perform auth | |
(2021-02-16 11:00:22): [krb5_child[212963]] [main] (0x0400): Will perform online auth | |
(2021-02-16 11:00:22): [krb5_child[212963]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 11:00:22): [krb5_child[212963]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [internal.domain.tld] | |
(2021-02-16 11:00:22): [krb5_child[212963]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [validate_tgt] (0x0400): TGT verified using key for [restrictedkrbhost/tbh107.internal.domain.tld@internal.domain.tld]. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user.test\@internal.domain.tld@internal.domain.tld] might not be correct. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [get_and_save_tgt] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [sss_get_ccache_name_for_principal] (0x4000): Location: [FILE:/tmp/krb5cc_1175201110_XXXXXX] | |
(2021-02-16 11:00:22): [krb5_child[212963]] [sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal user.test@internal.domain.tld in cache collection] | |
(2021-02-16 11:00:22): [krb5_child[212963]] [create_ccache] (0x4000): Initializing ccache of type [FILE] | |
(2021-02-16 11:00:22): [krb5_child[212963]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 11:00:22): [krb5_child[212963]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [switch_creds] (0x0200): Already user [1175201110]. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 11:00:22): [krb5_child[212963]] [pack_response_packet] (0x2000): response packet size: [142] | |
(2021-02-16 11:00:22): [krb5_child[212963]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 11:00:22): [krb5_child[212963]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-16 11:01:29): [krb5_child[213704]] [main] (0x0400): krb5_child started. | |
(2021-02-16 11:01:29): [krb5_child[213704]] [unpack_buffer] (0x1000): total buffer size: [184] | |
(2021-02-16 11:01:29): [krb5_child[213704]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175201110] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [user.test@internal.domain.tld] | |
(2021-02-16 11:01:29): [krb5_child[213704]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175201110_XXXXXX] old_ccname: [FILE:/tmp/krb5cc_1175201110_YWWT3Q] keytab: [/etc/krb5.keytab] | |
(2021-02-16 11:01:29): [krb5_child[213704]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 11:01:29): [krb5_child[213704]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 11:01:29): [krb5_child[213704]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-16 11:01:29): [krb5_child[213704]] [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1175201110_YWWT3Q] and is not active and TGT is valid. | |
(2021-02-16 11:01:29): [krb5_child[213704]] [k5c_precreate_ccache] (0x4000): Recreating ccache | |
(2021-02-16 11:01:29): [krb5_child[213704]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 11:01:29): [krb5_child[213704]] [become_user] (0x0200): Trying to become user [1175201110][1175200513]. | |
(2021-02-16 11:01:29): [krb5_child[213704]] [main] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 11:01:29): [krb5_child[213704]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available | |
(2021-02-16 11:01:29): [krb5_child[213704]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 11:01:29): [krb5_child[213704]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 11:01:29): [krb5_child[213704]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 11:01:29): [krb5_child[213704]] [main] (0x0400): Will perform auth | |
(2021-02-16 11:01:29): [krb5_child[213704]] [main] (0x0400): Will perform online auth | |
(2021-02-16 11:01:29): [krb5_child[213704]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 11:01:29): [krb5_child[213704]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [internal.domain.tld] | |
(2021-02-16 11:01:29): [krb5_child[213704]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 11:01:30): [krb5_child[213704]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 11:01:30): [krb5_child[213704]] [validate_tgt] (0x0400): TGT verified using key for [restrictedkrbhost/tbh107.internal.domain.tld@internal.domain.tld]. | |
(2021-02-16 11:01:30): [krb5_child[213704]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 11:01:30): [krb5_child[213704]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user.test\@internal.domain.tld@internal.domain.tld] might not be correct. | |
(2021-02-16 11:01:30): [krb5_child[213704]] [get_and_save_tgt] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 11:01:30): [krb5_child[213704]] [sss_get_ccache_name_for_principal] (0x4000): Location: [FILE:/tmp/krb5cc_1175201110_XXXXXX] | |
(2021-02-16 11:01:30): [krb5_child[213704]] [sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal user.test@internal.domain.tld in cache collection] | |
(2021-02-16 11:01:30): [krb5_child[213704]] [create_ccache] (0x4000): Initializing ccache of type [FILE] | |
(2021-02-16 11:01:30): [krb5_child[213704]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 11:01:30): [krb5_child[213704]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 11:01:30): [krb5_child[213704]] [switch_creds] (0x0200): Already user [1175201110]. | |
(2021-02-16 11:01:30): [krb5_child[213704]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 11:01:30): [krb5_child[213704]] [pack_response_packet] (0x2000): response packet size: [142] | |
(2021-02-16 11:01:30): [krb5_child[213704]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 11:01:30): [krb5_child[213704]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-16 11:01:46): [krb5_child[213925]] [main] (0x0400): krb5_child started. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [unpack_buffer] (0x1000): total buffer size: [184] | |
(2021-02-16 11:01:46): [krb5_child[213925]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175201110] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [user.test@internal.domain.tld] | |
(2021-02-16 11:01:46): [krb5_child[213925]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175201110_XXXXXX] old_ccname: [FILE:/tmp/krb5cc_1175201110_PfyHAu] keytab: [/etc/krb5.keytab] | |
(2021-02-16 11:01:46): [krb5_child[213925]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1175201110_PfyHAu] and is not active and TGT is valid. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [k5c_precreate_ccache] (0x4000): Recreating ccache | |
(2021-02-16 11:01:46): [krb5_child[213925]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 11:01:46): [krb5_child[213925]] [become_user] (0x0200): Trying to become user [1175201110][1175200513]. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [main] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available | |
(2021-02-16 11:01:46): [krb5_child[213925]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 11:01:46): [krb5_child[213925]] [main] (0x0400): Will perform auth | |
(2021-02-16 11:01:46): [krb5_child[213925]] [main] (0x0400): Will perform online auth | |
(2021-02-16 11:01:46): [krb5_child[213925]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 11:01:46): [krb5_child[213925]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [internal.domain.tld] | |
(2021-02-16 11:01:46): [krb5_child[213925]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [validate_tgt] (0x0400): TGT verified using key for [restrictedkrbhost/tbh107.internal.domain.tld@internal.domain.tld]. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user.test\@internal.domain.tld@internal.domain.tld] might not be correct. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [get_and_save_tgt] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [sss_get_ccache_name_for_principal] (0x4000): Location: [FILE:/tmp/krb5cc_1175201110_XXXXXX] | |
(2021-02-16 11:01:46): [krb5_child[213925]] [sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal user.test@internal.domain.tld in cache collection] | |
(2021-02-16 11:01:46): [krb5_child[213925]] [create_ccache] (0x4000): Initializing ccache of type [FILE] | |
(2021-02-16 11:01:46): [krb5_child[213925]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 11:01:46): [krb5_child[213925]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [switch_creds] (0x0200): Already user [1175201110]. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 11:01:46): [krb5_child[213925]] [pack_response_packet] (0x2000): response packet size: [142] | |
(2021-02-16 11:01:46): [krb5_child[213925]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 11:01:46): [krb5_child[213925]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-16 11:02:10): [krb5_child[214205]] [main] (0x0400): krb5_child started. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [unpack_buffer] (0x1000): total buffer size: [184] | |
(2021-02-16 11:02:10): [krb5_child[214205]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175201110] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [user.test@internal.domain.tld] | |
(2021-02-16 11:02:10): [krb5_child[214205]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175201110_XXXXXX] old_ccname: [FILE:/tmp/krb5cc_1175201110_TYSxvO] keytab: [/etc/krb5.keytab] | |
(2021-02-16 11:02:10): [krb5_child[214205]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1175201110_TYSxvO] and is not active and TGT is valid. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [k5c_precreate_ccache] (0x4000): Recreating ccache | |
(2021-02-16 11:02:10): [krb5_child[214205]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 11:02:10): [krb5_child[214205]] [become_user] (0x0200): Trying to become user [1175201110][1175200513]. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [main] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available | |
(2021-02-16 11:02:10): [krb5_child[214205]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 11:02:10): [krb5_child[214205]] [main] (0x0400): Will perform auth | |
(2021-02-16 11:02:10): [krb5_child[214205]] [main] (0x0400): Will perform online auth | |
(2021-02-16 11:02:10): [krb5_child[214205]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 11:02:10): [krb5_child[214205]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [internal.domain.tld] | |
(2021-02-16 11:02:10): [krb5_child[214205]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [validate_tgt] (0x0400): TGT verified using key for [restrictedkrbhost/tbh107.internal.domain.tld@internal.domain.tld]. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user.test\@internal.domain.tld@internal.domain.tld] might not be correct. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [get_and_save_tgt] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [sss_get_ccache_name_for_principal] (0x4000): Location: [FILE:/tmp/krb5cc_1175201110_XXXXXX] | |
(2021-02-16 11:02:10): [krb5_child[214205]] [sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal user.test@internal.domain.tld in cache collection] | |
(2021-02-16 11:02:10): [krb5_child[214205]] [create_ccache] (0x4000): Initializing ccache of type [FILE] | |
(2021-02-16 11:02:10): [krb5_child[214205]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 11:02:10): [krb5_child[214205]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [switch_creds] (0x0200): Already user [1175201110]. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 11:02:10): [krb5_child[214205]] [pack_response_packet] (0x2000): response packet size: [142] | |
(2021-02-16 11:02:10): [krb5_child[214205]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 11:02:10): [krb5_child[214205]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-16 11:03:52): [krb5_child[215287]] [main] (0x0400): krb5_child started. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [unpack_buffer] (0x1000): total buffer size: [184] | |
(2021-02-16 11:03:52): [krb5_child[215287]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175201110] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [user.test@internal.domain.tld] | |
(2021-02-16 11:03:52): [krb5_child[215287]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175201110_XXXXXX] old_ccname: [FILE:/tmp/krb5cc_1175201110_jTAYCt] keytab: [/etc/krb5.keytab] | |
(2021-02-16 11:03:52): [krb5_child[215287]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1175201110_jTAYCt] and is not active and TGT is valid. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [k5c_precreate_ccache] (0x4000): Recreating ccache | |
(2021-02-16 11:03:52): [krb5_child[215287]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 11:03:52): [krb5_child[215287]] [become_user] (0x0200): Trying to become user [1175201110][1175200513]. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [main] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available | |
(2021-02-16 11:03:52): [krb5_child[215287]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 11:03:52): [krb5_child[215287]] [main] (0x0400): Will perform auth | |
(2021-02-16 11:03:52): [krb5_child[215287]] [main] (0x0400): Will perform online auth | |
(2021-02-16 11:03:52): [krb5_child[215287]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 11:03:52): [krb5_child[215287]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [internal.domain.tld] | |
(2021-02-16 11:03:52): [krb5_child[215287]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [validate_tgt] (0x0400): TGT verified using key for [restrictedkrbhost/tbh107.internal.domain.tld@internal.domain.tld]. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user.test\@internal.domain.tld@internal.domain.tld] might not be correct. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [get_and_save_tgt] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [sss_get_ccache_name_for_principal] (0x4000): Location: [FILE:/tmp/krb5cc_1175201110_XXXXXX] | |
(2021-02-16 11:03:52): [krb5_child[215287]] [sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal user.test@internal.domain.tld in cache collection] | |
(2021-02-16 11:03:52): [krb5_child[215287]] [create_ccache] (0x4000): Initializing ccache of type [FILE] | |
(2021-02-16 11:03:52): [krb5_child[215287]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 11:03:52): [krb5_child[215287]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [switch_creds] (0x0200): Already user [1175201110]. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 11:03:52): [krb5_child[215287]] [pack_response_packet] (0x2000): response packet size: [142] | |
(2021-02-16 11:03:52): [krb5_child[215287]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 11:03:52): [krb5_child[215287]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-16 15:27:52): [krb5_child[232315]] [main] (0x0400): krb5_child started. | |
(2021-02-16 15:27:52): [krb5_child[232315]] [unpack_buffer] (0x1000): total buffer size: [180] | |
(2021-02-16 15:27:52): [krb5_child[232315]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175200500] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [admin@internal.domain.tld] | |
(2021-02-16 15:27:52): [krb5_child[232315]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175200500_XXXXXX] old_ccname: [FILE:/tmp/krb5cc_1175200500_t867LR] keytab: [/etc/krb5.keytab] | |
(2021-02-16 15:27:52): [krb5_child[232315]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 15:27:52): [krb5_child[232315]] [switch_creds] (0x0200): Switch user to [1175200500][1175200513]. | |
(2021-02-16 15:27:52): [krb5_child[232315]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-16 15:27:52): [krb5_child[232315]] [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1175200500_t867LR] and is active and TGT is valid. | |
(2021-02-16 15:27:52): [krb5_child[232315]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 15:27:52): [krb5_child[232315]] [become_user] (0x0200): Trying to become user [1175200500][1175200513]. | |
(2021-02-16 15:27:52): [krb5_child[232315]] [main] (0x2000): Running as [1175200500][1175200513]. | |
(2021-02-16 15:27:52): [krb5_child[232315]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available | |
(2021-02-16 15:27:52): [krb5_child[232315]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 15:27:52): [krb5_child[232315]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 15:27:52): [krb5_child[232315]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 15:27:52): [krb5_child[232315]] [main] (0x0400): Will perform auth | |
(2021-02-16 15:27:52): [krb5_child[232315]] [main] (0x0400): Will perform online auth | |
(2021-02-16 15:27:52): [krb5_child[232315]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 15:27:52): [krb5_child[232315]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [internal.domain.tld] | |
(2021-02-16 15:27:52): [krb5_child[232315]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 15:27:52): [krb5_child[232315]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 15:27:52): [krb5_child[232315]] [validate_tgt] (0x0400): TGT verified using key for [restrictedkrbhost/tbh107.internal.domain.tld@internal.domain.tld]. | |
(2021-02-16 15:27:52): [krb5_child[232315]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 15:27:52): [krb5_child[232315]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [admin\@internal.domain.tld@internal.domain.tld] might not be correct. | |
(2021-02-16 15:27:52): [krb5_child[232315]] [get_and_save_tgt] (0x2000): Running as [1175200500][1175200513]. | |
(2021-02-16 15:27:52): [krb5_child[232315]] [sss_get_ccache_name_for_principal] (0x4000): Location: [FILE:/tmp/krb5cc_1175200500_t867LR] | |
(2021-02-16 15:27:52): [krb5_child[232315]] [sss_get_ccache_name_for_principal] (0x4000): tmp_ccname: [FILE:/tmp/krb5cc_1175200500_t867LR] | |
(2021-02-16 15:27:52): [krb5_child[232315]] [create_ccache] (0x4000): Initializing ccache of type [FILE] | |
(2021-02-16 15:27:52): [krb5_child[232315]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 15:27:52): [krb5_child[232315]] [safe_remove_old_ccache_file] (0x0400): New and old ccache file are the same, none will be deleted. | |
(2021-02-16 15:27:52): [krb5_child[232315]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 15:27:52): [krb5_child[232315]] [pack_response_packet] (0x2000): response packet size: [131] | |
(2021-02-16 15:27:52): [krb5_child[232315]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 15:27:52): [krb5_child[232315]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-16 15:33:20): [krb5_child[236280]] [main] (0x0400): krb5_child started. | |
(2021-02-16 15:33:20): [krb5_child[236280]] [unpack_buffer] (0x1000): total buffer size: [180] | |
(2021-02-16 15:33:20): [krb5_child[236280]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175200500] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [admin@internal.domain.tld] | |
(2021-02-16 15:33:20): [krb5_child[236280]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175200500_XXXXXX] old_ccname: [FILE:/tmp/krb5cc_1175200500_t867LR] keytab: [/etc/krb5.keytab] | |
(2021-02-16 15:33:20): [krb5_child[236280]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 15:33:20): [krb5_child[236280]] [switch_creds] (0x0200): Switch user to [1175200500][1175200513]. | |
(2021-02-16 15:33:20): [krb5_child[236280]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-16 15:33:20): [krb5_child[236280]] [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1175200500_t867LR] and is active and TGT is valid. | |
(2021-02-16 15:33:20): [krb5_child[236280]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 15:33:20): [krb5_child[236280]] [become_user] (0x0200): Trying to become user [1175200500][1175200513]. | |
(2021-02-16 15:33:20): [krb5_child[236280]] [main] (0x2000): Running as [1175200500][1175200513]. | |
(2021-02-16 15:33:20): [krb5_child[236280]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available | |
(2021-02-16 15:33:20): [krb5_child[236280]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 15:33:20): [krb5_child[236280]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 15:33:20): [krb5_child[236280]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 15:33:20): [krb5_child[236280]] [main] (0x0400): Will perform auth | |
(2021-02-16 15:33:20): [krb5_child[236280]] [main] (0x0400): Will perform online auth | |
(2021-02-16 15:33:20): [krb5_child[236280]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 15:33:20): [krb5_child[236280]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [internal.domain.tld] | |
(2021-02-16 15:33:20): [krb5_child[236280]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 15:33:20): [krb5_child[236280]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 15:33:20): [krb5_child[236280]] [validate_tgt] (0x0400): TGT verified using key for [restrictedkrbhost/tbh107.internal.domain.tld@internal.domain.tld]. | |
(2021-02-16 15:33:20): [krb5_child[236280]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 15:33:20): [krb5_child[236280]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [admin\@internal.domain.tld@internal.domain.tld] might not be correct. | |
(2021-02-16 15:33:20): [krb5_child[236280]] [get_and_save_tgt] (0x2000): Running as [1175200500][1175200513]. | |
(2021-02-16 15:33:20): [krb5_child[236280]] [sss_get_ccache_name_for_principal] (0x4000): Location: [FILE:/tmp/krb5cc_1175200500_t867LR] | |
(2021-02-16 15:33:20): [krb5_child[236280]] [sss_get_ccache_name_for_principal] (0x4000): tmp_ccname: [FILE:/tmp/krb5cc_1175200500_t867LR] | |
(2021-02-16 15:33:20): [krb5_child[236280]] [create_ccache] (0x4000): Initializing ccache of type [FILE] | |
(2021-02-16 15:33:20): [krb5_child[236280]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 15:33:20): [krb5_child[236280]] [safe_remove_old_ccache_file] (0x0400): New and old ccache file are the same, none will be deleted. | |
(2021-02-16 15:33:20): [krb5_child[236280]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 15:33:20): [krb5_child[236280]] [pack_response_packet] (0x2000): response packet size: [131] | |
(2021-02-16 15:33:20): [krb5_child[236280]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 15:33:20): [krb5_child[236280]] [main] (0x0400): krb5_child completed successfully |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(2021-02-16 18:23:42): [krb5_child[440589]] [main] (0x0400): krb5_child started. | |
(2021-02-16 18:23:42): [krb5_child[440589]] [unpack_buffer] (0x1000): total buffer size: [184] | |
(2021-02-16 18:23:42): [krb5_child[440589]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175201110] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [user.test@INTERNAL.DOMAIN.TLD] | |
(2021-02-16 18:23:42): [krb5_child[440589]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175201110_XXXXXX] old_ccname: [FILE:/tmp/krb5cc_1175201110_VTG81R] keytab: [/etc/krb5.keytab] | |
(2021-02-16 18:23:42): [krb5_child[440589]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 18:23:42): [krb5_child[440589]] [switch_creds] (0x0200): Switch user to [1175201110][1175200513]. | |
(2021-02-16 18:23:42): [krb5_child[440589]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-16 18:23:42): [krb5_child[440589]] [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1175201110_VTG81R] and is active and TGT is valid. | |
(2021-02-16 18:23:42): [krb5_child[440589]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 18:23:42): [krb5_child[440589]] [become_user] (0x0200): Trying to become user [1175201110][1175200513]. | |
(2021-02-16 18:23:42): [krb5_child[440589]] [main] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 18:23:42): [krb5_child[440589]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 18:23:42): [krb5_child[440589]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 18:23:42): [krb5_child[440589]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 18:23:42): [krb5_child[440589]] [main] (0x0400): Will perform auth | |
(2021-02-16 18:23:42): [krb5_child[440589]] [main] (0x0400): Will perform online auth | |
(2021-02-16 18:23:42): [krb5_child[440589]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 18:23:42): [krb5_child[440589]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [INTERNAL.DOMAIN.TLD] | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893845: Getting initial credentials for user.test\@INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893847: Sending unauthenticated request | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893848: Sending request (246 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893849: Initiating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893850: Sending TCP request to stream 10.8.0.3:88 | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893851: Received answer (214 bytes) from stream 10.8.0.3:88 | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893852: Terminating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893853: Response was from master KDC | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893854: Received error from KDC: -1765328359/Additional pre-authentication required | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893857: Preauthenticating using KDC method data | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893858: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-ETYPE-INFO2 (19), PA-ENC-TIMESTAMP (2) | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893859: Selected etype info: etype aes256-cts, salt "INTERNAL.DOMAIN.TLDuser.test", params "" | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893860: PKINIT client has no configured identity; giving up | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893861: PKINIT client has no configured identity; giving up | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893862: Preauth module pkinit (16) (real) returned: 22/Invalid argument | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893863: AS key obtained for encrypted timestamp: aes256-cts/2F7E | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893865: Encrypted timestamp (for 1613496222.620712): plain 301AA011180F32303231303231363137323334325AA10502030978A8, encrypted D752CE2230568EE6EA9C6FB9F29CBB2144A6650829B1E11C18596BE82257523E9E9DE4956E6F8AF2714241FA18CDCF61CEC83E7F050D9D30 | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893866: Preauth module encrypted_timestamp (2) (real) returned: 0/Success | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893867: Produced preauth for next request: PA-ENC-TIMESTAMP (2) | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893868: Sending request (326 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893869: Initiating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893870: Sending TCP request to stream 10.8.0.3:88 | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893871: Received answer (1749 bytes) from stream 10.8.0.3:88 | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893872: Terminating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893873: Response was from master KDC | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893874: Processing preauth types: PA-ETYPE-INFO2 (19) | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893875: Selected etype info: etype aes256-cts, salt "INTERNAL.DOMAIN.TLDuser.test", params "" | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893876: Produced preauth for next request: (empty) | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893877: AS key determined by preauth: aes256-cts/2F7E | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893878: Decrypted AS reply; session key is: aes256-cts/A73B | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893879: FAST negotiation: unavailable | |
(2021-02-16 18:23:42): [krb5_child[440589]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893880: Retrieving restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893881: Resolving unique ccache of type MEMORY | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893882: Initializing MEMORY:PzC391u with default princ user.test@INTERNAL.DOMAIN.TLD | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893883: Storing user.test@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD in MEMORY:PzC391u | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893884: Getting credentials user.test@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD using ccache MEMORY:PzC391u | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893885: Retrieving user.test@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD from MEMORY:PzC391u with result: -1765328243/Matching credential not found | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893886: Retrieving user.test@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD from MEMORY:PzC391u with result: 0/Success | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893887: Starting with TGT for client realm: user.test@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893888: Requesting tickets for restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD, referrals on | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893889: Generated subkey for TGS request: aes256-cts/05D4 | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893890: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893892: Encoding request body and padata into FAST request | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893893: Sending request (1933 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-16 18:23:42): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496222.893894: Initiating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002939: Sending TCP request to stream 10.8.0.3:88 | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002940: Received answer (1952 bytes) from stream 10.8.0.3:88 | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002941: Terminating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002942: Response was from master KDC | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002943: Decoding FAST response | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002944: FAST reply key: aes256-cts/B62F | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002945: TGS reply is for user.test@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD with session key aes256-cts/5D0E | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002946: TGS request result: 0/Success | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002947: Received creds for desired service restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002948: Storing user.test@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD in MEMORY:PzC391u | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002949: Creating authenticator for user.test@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD, seqnum 0, subkey (null), session key aes256-cts/5D0E | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002951: Retrieving restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 4, enctype aes256-cts) with result: 0/Success | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002952: Decrypted AP-REQ with specified server principal restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD: aes256-cts/9816 | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002953: AP-REQ ticket: user.test@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD, session key aes256-cts/5D0E | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002954: Negotiated enctype based on authenticator: aes256-cts | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002955: Initializing MEMORY:rd_req2 with default princ user.test@INTERNAL.DOMAIN.TLD | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002956: Storing user.test@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD in MEMORY:rd_req2 | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002957: Destroying ccache MEMORY:PzC391u | |
(2021-02-16 18:23:43): [krb5_child[440589]] [validate_tgt] (0x0400): TGT verified using key for [restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD]. | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002958: Retrieving user.test@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD from MEMORY:rd_req2 with result: 0/Success | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002959: Retrieving restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 4, enctype aes256-cts) with result: 0/Success | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 18:23:43): [krb5_child[440589]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user.test\@INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD] might not be correct. | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_child_krb5_trace_cb] (0x4000): [440589] 1613496223.002960: Destroying ccache MEMORY:rd_req2 | |
(2021-02-16 18:23:43): [krb5_child[440589]] [get_and_save_tgt] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_get_ccache_name_for_principal] (0x4000): Location: [FILE:/tmp/krb5cc_1175201110_VTG81R] | |
(2021-02-16 18:23:43): [krb5_child[440589]] [sss_get_ccache_name_for_principal] (0x4000): tmp_ccname: [FILE:/tmp/krb5cc_1175201110_VTG81R] | |
(2021-02-16 18:23:43): [krb5_child[440589]] [create_ccache] (0x4000): Initializing ccache of type [FILE] | |
(2021-02-16 18:23:43): [krb5_child[440589]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 18:23:43): [krb5_child[440589]] [safe_remove_old_ccache_file] (0x0400): New and old ccache file are the same, none will be deleted. | |
(2021-02-16 18:23:43): [krb5_child[440589]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 18:23:43): [krb5_child[440589]] [pack_response_packet] (0x2000): response packet size: [142] | |
(2021-02-16 18:23:43): [krb5_child[440589]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 18:23:43): [krb5_child[440589]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-16 18:28:22): [krb5_child[443555]] [main] (0x0400): krb5_child started. | |
(2021-02-16 18:28:22): [krb5_child[443555]] [unpack_buffer] (0x1000): total buffer size: [143] | |
(2021-02-16 18:28:22): [krb5_child[443555]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175201110] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [user.test@TBHYDRO.NET] | |
(2021-02-16 18:28:22): [krb5_child[443555]] [unpack_buffer] (0x2000): No old ccache | |
(2021-02-16 18:28:22): [krb5_child[443555]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175201110_XXXXXX] old_ccname: [not set] keytab: [/etc/krb5.keytab] | |
(2021-02-16 18:28:22): [krb5_child[443555]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 18:28:22): [krb5_child[443555]] [k5c_precreate_ccache] (0x4000): Recreating ccache | |
(2021-02-16 18:28:22): [krb5_child[443555]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 18:28:22): [krb5_child[443555]] [become_user] (0x0200): Trying to become user [1175201110][1175200513]. | |
(2021-02-16 18:28:22): [krb5_child[443555]] [main] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 18:28:22): [krb5_child[443555]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 18:28:22): [krb5_child[443555]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 18:28:22): [krb5_child[443555]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-16 18:28:22): [krb5_child[443555]] [main] (0x0400): Will perform auth | |
(2021-02-16 18:28:22): [krb5_child[443555]] [main] (0x0400): Will perform online auth | |
(2021-02-16 18:28:22): [krb5_child[443555]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-16 18:28:22): [krb5_child[443555]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [INTERNAL.DOMAIN.TLD] | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469849: Getting initial credentials for user.test\@TBHYDRO.NET@INTERNAL.DOMAIN.TLD | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469851: Sending unauthenticated request | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469852: Sending request (239 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469853: Initiating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469854: Sending TCP request to stream 10.8.0.3:88 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469855: Received answer (214 bytes) from stream 10.8.0.3:88 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469856: Terminating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469857: Response was from master KDC | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469858: Received error from KDC: -1765328359/Additional pre-authentication required | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469861: Preauthenticating using KDC method data | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469862: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-ETYPE-INFO2 (19), PA-ENC-TIMESTAMP (2) | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469863: Selected etype info: etype aes256-cts, salt "INTERNAL.DOMAIN.TLDuser.test", params "" | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469864: PKINIT client has no configured identity; giving up | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469865: PKINIT client has no configured identity; giving up | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469866: Preauth module pkinit (16) (real) returned: 22/Invalid argument | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469867: AS key obtained for encrypted timestamp: aes256-cts/2F7E | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469869: Encrypted timestamp (for 1613496502.681468): plain 301AA011180F32303231303231363137323832325AA10502030A65FC, encrypted AB33A55EF7E5264FEA7FA4AABF06C619B093B01163E54100EE8EAD4318419F16878B704C2B68BA009CE1EEE951B6F54A9651EE9868A1AF87 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469870: Preauth module encrypted_timestamp (2) (real) returned: 0/Success | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469871: Produced preauth for next request: PA-ENC-TIMESTAMP (2) | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469872: Sending request (319 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469873: Initiating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469874: Sending TCP request to stream 10.8.0.3:88 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469875: Received answer (1749 bytes) from stream 10.8.0.3:88 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469876: Terminating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469877: Response was from master KDC | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469878: Processing preauth types: PA-ETYPE-INFO2 (19) | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469879: Selected etype info: etype aes256-cts, salt "INTERNAL.DOMAIN.TLDuser.test", params "" | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469880: Produced preauth for next request: (empty) | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469881: AS key determined by preauth: aes256-cts/2F7E | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469882: Decrypted AS reply; session key is: aes256-cts/422A | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469883: FAST negotiation: unavailable | |
(2021-02-16 18:28:22): [krb5_child[443555]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469884: Retrieving restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469885: Resolving unique ccache of type MEMORY | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469886: Initializing MEMORY:BFgCAz2 with default princ user.test@INTERNAL.DOMAIN.TLD | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469887: Storing user.test@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD in MEMORY:BFgCAz2 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469888: Getting credentials user.test@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD using ccache MEMORY:BFgCAz2 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469889: Retrieving user.test@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD from MEMORY:BFgCAz2 with result: -1765328243/Matching credential not found | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469890: Retrieving user.test@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD from MEMORY:BFgCAz2 with result: 0/Success | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469891: Starting with TGT for client realm: user.test@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469892: Requesting tickets for restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD, referrals on | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469893: Generated subkey for TGS request: aes256-cts/2844 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469894: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469896: Encoding request body and padata into FAST request | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469897: Sending request (1933 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469898: Initiating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469899: Sending TCP request to stream 10.8.0.3:88 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469900: Received answer (1952 bytes) from stream 10.8.0.3:88 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469901: Terminating TCP connection to stream 10.8.0.3:88 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469902: Response was from master KDC | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469903: Decoding FAST response | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469904: FAST reply key: aes256-cts/53C9 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469905: TGS reply is for user.test@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD with session key aes256-cts/6C28 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469906: TGS request result: 0/Success | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469907: Received creds for desired service restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469908: Storing user.test@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD in MEMORY:BFgCAz2 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469909: Creating authenticator for user.test@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD, seqnum 0, subkey (null), session key aes256-cts/6C28 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469911: Retrieving restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 4, enctype aes256-cts) with result: 0/Success | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469912: Decrypted AP-REQ with specified server principal restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD: aes256-cts/9816 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469913: AP-REQ ticket: user.test@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD, session key aes256-cts/6C28 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469914: Negotiated enctype based on authenticator: aes256-cts | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469915: Initializing MEMORY:rd_req2 with default princ user.test@INTERNAL.DOMAIN.TLD | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469916: Storing user.test@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD in MEMORY:rd_req2 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469917: Destroying ccache MEMORY:BFgCAz2 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [validate_tgt] (0x0400): TGT verified using key for [restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD]. | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469918: Retrieving user.test@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD from MEMORY:rd_req2 with result: 0/Success | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469919: Retrieving restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 4, enctype aes256-cts) with result: 0/Success | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-16 18:28:22): [krb5_child[443555]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user.test\@TBHYDRO.NET@INTERNAL.DOMAIN.TLD] might not be correct. | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_child_krb5_trace_cb] (0x4000): [443555] 1613496502.469920: Destroying ccache MEMORY:rd_req2 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [get_and_save_tgt] (0x2000): Running as [1175201110][1175200513]. | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_get_ccache_name_for_principal] (0x4000): Location: [FILE:/tmp/krb5cc_1175201110_XXXXXX] | |
(2021-02-16 18:28:22): [krb5_child[443555]] [sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal user.test@INTERNAL.DOMAIN.TLD in cache collection] | |
(2021-02-16 18:28:22): [krb5_child[443555]] [create_ccache] (0x4000): Initializing ccache of type [FILE] | |
(2021-02-16 18:28:22): [krb5_child[443555]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 18:28:22): [krb5_child[443555]] [pack_response_packet] (0x2000): response packet size: [142] | |
(2021-02-16 18:28:22): [krb5_child[443555]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 18:28:22): [krb5_child[443555]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-16 19:33:04): [krb5_child[476992]] [main] (0x0400): krb5_child started. | |
(2021-02-16 19:33:04): [krb5_child[476992]] [unpack_buffer] (0x1000): total buffer size: [146] | |
(2021-02-16 19:33:04): [krb5_child[476992]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175200500] gid [1175200513] validate [true] enterprise principal [false] offline [true] UPN [admin@INTERNAL.DOMAIN.TLD] | |
(2021-02-16 19:33:04): [krb5_child[476992]] [unpack_buffer] (0x2000): No old ccache | |
(2021-02-16 19:33:04): [krb5_child[476992]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175200500_XXXXXX] old_ccname: [not set] keytab: [/etc/krb5.keytab] | |
(2021-02-16 19:33:04): [krb5_child[476992]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-16 19:33:04): [krb5_child[476992]] [k5c_precreate_ccache] (0x4000): Recreating ccache | |
(2021-02-16 19:33:04): [krb5_child[476992]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-16 19:33:04): [krb5_child[476992]] [become_user] (0x0200): Trying to become user [1175200500][1175200513]. | |
(2021-02-16 19:33:04): [krb5_child[476992]] [main] (0x2000): Running as [1175200500][1175200513]. | |
(2021-02-16 19:33:04): [krb5_child[476992]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-16 19:33:04): [krb5_child[476992]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-16 19:33:04): [krb5_child[476992]] [main] (0x0400): Will perform auth | |
(2021-02-16 19:33:04): [krb5_child[476992]] [main] (0x0400): Will perform offline auth | |
(2021-02-16 19:33:04): [krb5_child[476992]] [create_empty_ccache] (0x1000): Creating empty ccache | |
(2021-02-16 19:33:04): [krb5_child[476992]] [create_empty_cred] (0x2000): Created empty krb5_creds. | |
(2021-02-16 19:33:04): [krb5_child[476992]] [create_ccache] (0x4000): Initializing ccache of type [FILE] | |
(2021-02-16 19:33:04): [krb5_child[476992]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-16 19:33:04): [krb5_child[476992]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-16 19:33:04): [krb5_child[476992]] [pack_response_packet] (0x2000): response packet size: [58] | |
(2021-02-16 19:33:04): [krb5_child[476992]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-16 19:33:04): [krb5_child[476992]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-17 12:27:36): [krb5_child[481048]] [main] (0x0400): krb5_child started. | |
(2021-02-17 12:27:36): [krb5_child[481048]] [unpack_buffer] (0x1000): total buffer size: [180] | |
(2021-02-17 12:27:36): [krb5_child[481048]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175200500] gid [1175200513] validate [true] enterprise principal [false] offline [true] UPN [admin@INTERNAL.DOMAIN.TLD] | |
(2021-02-17 12:27:36): [krb5_child[481048]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175200500_XXXXXX] old_ccname: [FILE:/tmp/krb5cc_1175200500_VdY9uN] keytab: [/etc/krb5.keytab] | |
(2021-02-17 12:27:36): [krb5_child[481048]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-17 12:27:36): [krb5_child[481048]] [switch_creds] (0x0200): Switch user to [1175200500][1175200513]. | |
(2021-02-17 12:27:36): [krb5_child[481048]] [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired. | |
(2021-02-17 12:27:36): [krb5_child[481048]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-17 12:27:36): [krb5_child[481048]] [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1175200500_VdY9uN] and is active and TGT is valid. | |
(2021-02-17 12:27:36): [krb5_child[481048]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-17 12:27:36): [krb5_child[481048]] [become_user] (0x0200): Trying to become user [1175200500][1175200513]. | |
(2021-02-17 12:27:36): [krb5_child[481048]] [main] (0x2000): Running as [1175200500][1175200513]. | |
(2021-02-17 12:27:36): [krb5_child[481048]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-17 12:27:36): [krb5_child[481048]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-17 12:27:36): [krb5_child[481048]] [main] (0x0400): Will perform auth | |
(2021-02-17 12:27:36): [krb5_child[481048]] [main] (0x0400): Will perform offline auth | |
(2021-02-17 12:27:36): [krb5_child[481048]] [create_empty_ccache] (0x1000): Existing ccache still valid, reusing | |
(2021-02-17 12:27:36): [krb5_child[481048]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-17 12:27:36): [krb5_child[481048]] [pack_response_packet] (0x2000): response packet size: [58] | |
(2021-02-17 12:27:36): [krb5_child[481048]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-17 12:27:36): [krb5_child[481048]] [main] (0x0400): krb5_child completed successfully | |
(2021-02-17 12:29:47): [krb5_child[487160]] [main] (0x0400): krb5_child started. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [unpack_buffer] (0x1000): total buffer size: [180] | |
(2021-02-17 12:29:47): [krb5_child[487160]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1175200500] gid [1175200513] validate [true] enterprise principal [true] offline [false] UPN [admin@INTERNAL.DOMAIN.TLD] | |
(2021-02-17 12:29:47): [krb5_child[487160]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1175200500_XXXXXX] old_ccname: [FILE:/tmp/krb5cc_1175200500_VdY9uN] keytab: [/etc/krb5.keytab] | |
(2021-02-17 12:29:47): [krb5_child[487160]] [check_use_fast] (0x0100): Not using FAST. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [switch_creds] (0x0200): Switch user to [1175200500][1175200513]. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [switch_creds] (0x0200): Switch user to [0][0]. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1175200500_VdY9uN] and is active and TGT is valid. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket | |
(2021-02-17 12:29:47): [krb5_child[487160]] [become_user] (0x0200): Trying to become user [1175200500][1175200513]. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [main] (0x2000): Running as [1175200500][1175200513]. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [set_lifetime_options] (0x0100): No specific lifetime requested. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] | |
(2021-02-17 12:29:47): [krb5_child[487160]] [main] (0x0400): Will perform auth | |
(2021-02-17 12:29:47): [krb5_child[487160]] [main] (0x0400): Will perform online auth | |
(2021-02-17 12:29:47): [krb5_child[487160]] [tgt_req_child] (0x1000): Attempting to get a TGT | |
(2021-02-17 12:29:47): [krb5_child[487160]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [INTERNAL.DOMAIN.TLD] | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108342: Getting initial credentials for admin\@INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108344: Sending unauthenticated request | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108345: Sending request (235 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108346: Initiating TCP connection to stream 10.8.0.19:88 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108347: Sending TCP request to stream 10.8.0.19:88 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108348: Received answer (169 bytes) from stream 10.8.0.19:88 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108349: Terminating TCP connection to stream 10.8.0.19:88 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108350: Response was from master KDC | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108351: Received error from KDC: -1765328359/Additional pre-authentication required | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108354: Preauthenticating using KDC method data | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108355: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-ETYPE-INFO2 (19), PA-ENC-TIMESTAMP (2) | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108356: Selected etype info: etype rc4-hmac, salt "", params "" | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108357: PKINIT client has no configured identity; giving up | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_krb5_responder] (0x4000): Got question [password]. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108358: PKINIT client has no configured identity; giving up | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108359: Preauth module pkinit (16) (real) returned: 22/Invalid argument | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108360: AS key obtained for encrypted timestamp: rc4-hmac/EADE | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108362: Encrypted timestamp (for 1613561387.294612): plain 301AA011180F32303231303231373131323934375AA1050203047ED4, encrypted 9D571DABC48D490741771C693D1A3D396C873BEEA0FD44E0364EB4B4F79BE697B134CEA44AF630D5FFB971D11A7B6AE77F12F4B1 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108363: Preauth module encrypted_timestamp (2) (real) returned: 0/Success | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108364: Produced preauth for next request: PA-ENC-TIMESTAMP (2) | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108365: Sending request (311 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108366: Initiating TCP connection to stream 10.8.0.19:88 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108367: Sending TCP request to stream 10.8.0.19:88 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108368: Received answer (1610 bytes) from stream 10.8.0.19:88 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108369: Terminating TCP connection to stream 10.8.0.19:88 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108370: Response was from master KDC | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108371: Salt derived from principal: INTERNAL.DOMAIN.TLDadmin | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108372: AS key determined by preauth: rc4-hmac/EADE | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108373: Decrypted AS reply; session key is: aes256-cts/79F2 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108374: FAST negotiation: unavailable | |
(2021-02-17 12:29:47): [krb5_child[487160]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108375: Retrieving restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108376: Resolving unique ccache of type MEMORY | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108377: Initializing MEMORY:LZ35jbc with default princ admin@INTERNAL.DOMAIN.TLD | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108378: Storing admin@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD in MEMORY:LZ35jbc | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108379: Getting credentials admin@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD using ccache MEMORY:LZ35jbc | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108380: Retrieving admin@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD from MEMORY:LZ35jbc with result: -1765328243/Matching credential not found | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108381: Retrieving admin@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD from MEMORY:LZ35jbc with result: 0/Success | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108382: Starting with TGT for client realm: admin@INTERNAL.DOMAIN.TLD -> krbtgt/INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108383: Requesting tickets for restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD, referrals on | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108384: Generated subkey for TGS request: aes256-cts/D7DB | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108385: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108387: Encoding request body and padata into FAST request | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108388: Sending request (1855 bytes) to INTERNAL.DOMAIN.TLD | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108389: Initiating TCP connection to stream 10.8.0.19:88 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108390: Sending TCP request to stream 10.8.0.19:88 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108391: Received answer (1911 bytes) from stream 10.8.0.19:88 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108392: Terminating TCP connection to stream 10.8.0.19:88 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108393: Response was from master KDC | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108394: Decoding FAST response | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108395: FAST reply key: aes256-cts/F579 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108396: TGS reply is for admin@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD with session key aes256-cts/DB52 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108397: TGS request result: 0/Success | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108398: Received creds for desired service restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108399: Storing admin@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD in MEMORY:LZ35jbc | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108400: Creating authenticator for admin@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD, seqnum 0, subkey (null), session key aes256-cts/DB52 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108402: Retrieving restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 4, enctype aes256-cts) with result: 0/Success | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108403: Decrypted AP-REQ with specified server principal restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD: aes256-cts/9816 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108404: AP-REQ ticket: admin@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD, session key aes256-cts/DB52 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108405: Negotiated enctype based on authenticator: aes256-cts | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108406: Initializing MEMORY:rd_req2 with default princ admin@INTERNAL.DOMAIN.TLD | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108407: Storing admin@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD in MEMORY:rd_req2 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108408: Destroying ccache MEMORY:LZ35jbc | |
(2021-02-17 12:29:47): [krb5_child[487160]] [validate_tgt] (0x0400): TGT verified using key for [restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD]. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108409: Retrieving admin@INTERNAL.DOMAIN.TLD -> restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD from MEMORY:rd_req2 with result: 0/Success | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108410: Retrieving restrictedkrbhost/tbh107.internal.domain.tld@INTERNAL.DOMAIN.TLD from MEMORY:/etc/krb5.keytab (vno 4, enctype aes256-cts) with result: 0/Success | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [admin\@INTERNAL.DOMAIN.TLD@INTERNAL.DOMAIN.TLD] might not be correct. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_child_krb5_trace_cb] (0x4000): [487160] 1613561387.108411: Destroying ccache MEMORY:rd_req2 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [get_and_save_tgt] (0x2000): Running as [1175200500][1175200513]. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_get_ccache_name_for_principal] (0x4000): Location: [FILE:/tmp/krb5cc_1175200500_VdY9uN] | |
(2021-02-17 12:29:47): [krb5_child[487160]] [sss_get_ccache_name_for_principal] (0x4000): tmp_ccname: [FILE:/tmp/krb5cc_1175200500_VdY9uN] | |
(2021-02-17 12:29:47): [krb5_child[487160]] [create_ccache] (0x4000): Initializing ccache of type [FILE] | |
(2021-02-17 12:29:47): [krb5_child[487160]] [create_ccache] (0x4000): returning: 0 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [safe_remove_old_ccache_file] (0x0400): New and old ccache file are the same, none will be deleted. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [k5c_send_data] (0x0200): Received error code 0 | |
(2021-02-17 12:29:47): [krb5_child[487160]] [pack_response_packet] (0x2000): response packet size: [131] | |
(2021-02-17 12:29:47): [krb5_child[487160]] [k5c_send_data] (0x4000): Response sent. | |
(2021-02-17 12:29:47): [krb5_child[487160]] [main] (0x0400): krb5_child completed successfully |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[sssd] | |
domains = internal.domain.tld | |
config_file_version = 2 | |
services = nss, pam | |
[pam] | |
pam_pwd_expiration_warning=14 | |
debug_level = 14 | |
offline_credentials_expiration = 10 | |
[domain/internal.domain.tld] | |
cache_credentials = True | |
debug_level = 14 | |
id_provider = ad | |
ad_domain = internal.domain.tld | |
krb5_realm = INTERNAL.DOMAIN.TLD | |
#auth_provider = ad | |
access_provider = ad | |
krb5_store_password_if_offline = True | |
default_shell = /bin/bash | |
ldap_id_mapping = True | |
use_fully_qualified_names = False | |
fallback_homedir = /home/%d/%u | |
pwd_expiration_warning=14 | |
ad_gpo_access_control = permissive |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[sssd] | |
domains = internal.domain.tld | |
config_file_version = 2 | |
services = nss, pam | |
[pam] | |
debug_level = 14 | |
[domain/internal.domain.tld] | |
debug_level = 14 | |
ad_domain = internal.domain.tld | |
krb5_realm = INTERNAL.DOMAIN.TLD | |
realmd_tags = manages-system joined-with-adcli | |
cache_credentials = True | |
id_provider = ad | |
krb5_store_password_if_offline = True | |
default_shell = /bin/bash | |
ldap_id_mapping = True | |
use_fully_qualified_names = False | |
fallback_homedir = /home/%d/%u | |
access_provider = ad | |
ad_gpo_access_control = permissive |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment