Project

General

Profile

Feature #17319

Handle kerberos ticket expiration in Gss nsupdate module

Added by Dmitri Dolguikh almost 2 years ago. Updated 3 months ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
DNS
Target version:
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

When using Windows 2008 AD, kerberos ticket is retained by the module after its expiration. This leads to failures when attempting to create/delete dns records.

Kerberos error: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Ticket expired.

History

#1 Updated by Dmitri Dolguikh almost 2 years ago

  • Target version set to 1.15.3

#2 Updated by Dmitri Dolguikh almost 2 years ago

  • Tracker changed from Bug to Feature
  • Status changed from New to Rejected

Smart proxy renews kerberos tickets on every request via Kerberos::Krb5#get_init_creds_keytab. The original report was a request for enhancement, the reporter never provided smart-proxy logs substantiating the issue. Will reopen the ticket should more details become available.

Also available in: Atom PDF