Feature #17319

Handle kerberos ticket expiration in Gss nsupdate module

Added by Dmitri Dolguikh over 1 year ago. Updated 6 days ago.

Target version:1.15.3
Difficulty: Team Backlog:
Triaged: Fixed in Releases:
Bugzilla link: Found in Releases:
Pull request:


When using Windows 2008 AD, kerberos ticket is retained by the module after its expiration. This leads to failures when attempting to create/delete dns records.

Kerberos error: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Ticket expired.


#1 Updated by Dmitri Dolguikh over 1 year ago

  • Target version set to 1.15.3

#2 Updated by Dmitri Dolguikh over 1 year ago

  • Tracker changed from Bug to Feature
  • Status changed from New to Rejected

Smart proxy renews kerberos tickets on every request via Kerberos::Krb5#get_init_creds_keytab. The original report was a request for enhancement, the reporter never provided smart-proxy logs substantiating the issue. Will reopen the ticket should more details become available.

Also available in: Atom PDF