Last active
April 7, 2016 22:13
-
-
Save splashx/1b2a07382bbad16d33e984715dd805d7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Macintosh:~ splash$ kinit --anonymous | |
Macintosh:~ splash$ klist -A | |
Credentials cache: API:F4CE5CCF-9BC5-44C8-B2F5-9A2A29C88A2D | |
Principal: WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS | |
Issued Expires Principal | |
Apr 7 23:59:52 2016 Apr 8 09:59:52 2016 krbtgt/REALM.COM@REALM.COM | |
Macintosh:~ splash$ KRB5_TRACE=/dev/stdout kinit --fast-armor-cache=API:F4CE5CCF-9BC5-44C8-B2F5-9A2A29C88A2D d_santos@REALM.COM | |
2016-04-08T00:00:13 set-error: -1765328242: Reached end of credential caches | |
2016-04-08T00:00:13 set-error: -1765328243: Principal d_santos@REALM.COM not found in any credential cache | |
2016-04-08T00:00:13 set-error: -1765328243: Did not find credential for krbtgt/WELLKNOWN:ANONYMOUS@WELLKNOWN:ANONYMOUS in cache API:F4CE5CCF-9BC5-44C8-B2F5-9A2A29C88A2D | |
2016-04-08T00:00:13 set-error: -1765328243: Matching credential (krbtgt/WELLKNOWN:ANONYMOUS@WELLKNOWN:ANONYMOUS) not found | |
kinit: krb5_init_creds_set_fast_ccache: Matching credential (krbtgt/WELLKNOWN:ANONYMOUS@WELLKNOWN:ANONYMOUS) not found | |
Macintosh:~ splash$ | |
// on mit client @ ubuntu | |
ubuntu@uservm-test:~$ klist -A | |
ubuntu@uservm-test:~$ kinit -n | |
ubuntu@uservm-test:~$ klist -A | |
Ticket cache: FILE:/tmp/krb5cc_1000 | |
Default principal: WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS | |
Valid starting Expires Service principal | |
04/07/16 22:11:25 04/08/16 08:11:25 krbtgt/REALM.COM@REALM.COM | |
renew until 04/08/16 22:11:25 | |
ubuntu@uservm-test:~$ KRB5_TRACE=/dev/stdout kinit -T /tmp/krb5cc_1000 d_santos | |
[4513] 1460067090.345908: Getting initial credentials for d_santos@REALM.COM | |
[4513] 1460067090.350315: FAST armor ccache: /tmp/krb5cc_1000 | |
[4513] 1460067090.350459: Retrieving WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS -> krb5_ccache_conf_data/fast_avail/krbtgt\/REALM.COM\@REALM.COM@X-CACHECONF: from FILE:/tmp/krb5cc_1000 with result: 0/Success | |
[4513] 1460067090.350482: Read config in FILE:/tmp/krb5cc_1000 for krbtgt/REALM.COM@REALM.COM: fast_avail: yes | |
[4513] 1460067090.350496: Using FAST due to armor ccache negotiation result | |
[4513] 1460067090.350524: Getting credentials WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS -> krbtgt/REALM.COM@REALM.COM using ccache FILE:/tmp/krb5cc_1000 | |
[4513] 1460067090.350601: Retrieving WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS -> krbtgt/REALM.COM@REALM.COM from FILE:/tmp/krb5cc_1000 with result: 0/Success | |
[4513] 1460067090.350709: Armor ccache sesion key: aes256-cts/0DB9 | |
[4513] 1460067090.350789: Creating authenticator for WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS -> krbtgt/REALM.COM@REALM.COM, seqnum 0, subkey aes256-cts/5902, session key aes256-cts/0DB9 | |
[4513] 1460067090.350984: FAST armor key: aes256-cts/834F | |
[4513] 1460067090.351053: Encoding request body and padata into FAST request | |
[4513] 1460067090.351148: Sending request (955 bytes) to REALM.COM | |
[4513] 1460067090.351213: Resolving hostname kdc01.realm.com | |
[4513] 1460067090.353595: Sending initial UDP request to dgram 10.10.0.4:88 | |
[4513] 1460067090.360897: Received answer (601 bytes) from dgram 10.10.0.4:88 | |
[4513] 1460067090.362748: Response was not from master KDC | |
[4513] 1460067090.362884: Received error from KDC: -1765328359/Additional pre-authentication required | |
[4513] 1460067090.362965: Decoding FAST response | |
[4513] 1460067090.363132: Processing preauth types: 16, 15, 14, 136, 147, 141, 133, 137 | |
[4513] 1460067090.363213: Received cookie: MIT | |
[4513] 1460067090.363304: PKINIT client has no configured identity; giving up | |
[4513] 1460067090.363415: Preauth module pkinit (147) (info) returned: 0/Success | |
[4513] 1460067090.363498: PKINIT client has no configured identity; giving up | |
[4513] 1460067090.363564: Preauth module pkinit (16) (real) returned: 22/Invalid argument | |
[4513] 1460067090.363641: PKINIT client has no configured identity; giving up | |
[4513] 1460067090.363705: Preauth module pkinit (14) (real) returned: 22/Invalid argument | |
[4513] 1460067090.364498: PKINIT client has no configured identity; giving up | |
[4513] 1460067090.364579: Preauth module pkinit (14) (real) returned: 22/Invalid argument | |
Enter OTP Token Value: | |
[4513] 1460067103.336774: Preauth module otp (141) (real) returned: 0/Success | |
[4513] 1460067103.336923: Produced preauth for next request: 133, 142 | |
[4513] 1460067103.337028: Encoding request body and padata into FAST request | |
[4513] 1460067103.337243: Sending request (1096 bytes) to REALM.COM | |
[4513] 1460067103.337412: Resolving hostname kdc01.realm.com | |
[4513] 1460067103.339839: Sending initial UDP request to dgram 10.10.0.4:88 | |
[4513] 1460067103.490579: Received answer (934 bytes) from dgram 10.10.0.4:88 | |
[4513] 1460067103.493242: Response was not from master KDC | |
[4513] 1460067103.493420: Decoding FAST response | |
[4513] 1460067103.493631: Processing preauth types: (empty) | |
[4513] 1460067103.493757: Produced preauth for next request: (empty) | |
[4513] 1460067103.493854: Salt derived from principal: REALM.COMd_santos | |
[4513] 1460067103.493993: AS key determined by preauth: aes256-cts/834F | |
[4513] 1460067103.494118: FAST reply key: aes256-cts/44BA | |
[4513] 1460067103.494244: Decrypted AS reply; session key is: aes256-cts/F0D6 | |
[4513] 1460067103.494355: FAST negotiation: available | |
[4513] 1460067103.494449: Initializing FILE:/tmp/krb5cc_1000 with default princ d_santos@REALM.COM | |
[4513] 1460067103.494831: Removing d_santos@REALM.COM -> krbtgt/REALM.COM@REALM.COM from FILE:/tmp/krb5cc_1000 | |
[4513] 1460067103.494942: Storing d_santos@REALM.COM -> krbtgt/REALM.COM@REALM.COM in FILE:/tmp/krb5cc_1000 | |
[4513] 1460067103.495122: Storing config in FILE:/tmp/krb5cc_1000 for krbtgt/REALM.COM@REALM.COM: fast_avail: yes | |
[4513] 1460067103.495233: Removing d_santos@REALM.COM -> krb5_ccache_conf_data/fast_avail/krbtgt\/REALM.COM\@REALM.COM@X-CACHECONF: from FILE:/tmp/krb5cc_1000 | |
[4513] 1460067103.495317: Storing d_santos@REALM.COM -> krb5_ccache_conf_data/fast_avail/krbtgt\/REALM.COM\@REALM.COM@X-CACHECONF: in FILE:/tmp/krb5cc_1000 | |
[4513] 1460067103.495482: Storing config in FILE:/tmp/krb5cc_1000 for krbtgt/REALM.COM@REALM.COM: pa_type: 141 | |
[4513] 1460067103.495585: Removing d_santos@REALM.COM -> krb5_ccache_conf_data/pa_type/krbtgt\/REALM.COM\@REALM.COM@X-CACHECONF: from FILE:/tmp/krb5cc_1000 | |
[4513] 1460067103.495664: Storing d_santos@REALM.COM -> krb5_ccache_conf_data/pa_type/krbtgt\/REALM.COM\@REALM.COM@X-CACHECONF: in FILE:/tmp/krb5cc_1000 | |
ubuntu@uservm-test:~$ klist -a | |
Ticket cache: FILE:/tmp/krb5cc_1000 | |
Default principal: d_santos@REALM.COM | |
Valid starting Expires Service principal | |
04/07/16 22:11:46 04/08/16 08:11:46 krbtgt/REALM.COM@REALM.COM | |
renew until 04/08/16 22:11:33 | |
Addresses: (none) | |
ubuntu@uservm-test:~$ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment