Feature #17319

Handle kerberos ticket expiration in Gss nsupdate module

Added by Dmitri Dolguikh about 1 year ago. Updated 11 months ago.

Assigned To:-
Target version:Foreman - Team Ivan Iteration 7
Difficulty: Bugzilla link:
Found in release: Pull request:
Story points-
Velocity based estimate-


When using Windows 2008 AD, kerberos ticket is retained by the module after its expiration. This leads to failures when attempting to create/delete dns records.

Kerberos error: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Ticket expired.


#1 Updated by Dmitri Dolguikh about 1 year ago

  • Target version set to Team Ivan Iteration 7

#2 Updated by Dmitri Dolguikh 11 months ago

  • Tracker changed from Bug to Feature
  • Status changed from New to Rejected

Smart proxy renews kerberos tickets on every request via Kerberos::Krb5#get_init_creds_keytab. The original report was a request for enhancement, the reporter never provided smart-proxy logs substantiating the issue. Will reopen the ticket should more details become available.

Also available in: Atom PDF