Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

MOUNT TAPE U1439 ON B3, NO RING

devel / comp.protocols.kerberos / Re: unexpected failure for GSS Pg server

SubjectAuthor
o Re: unexpected failure for GSS Pg serverMatt Zagrabelny

1
Re: unexpected failure for GSS Pg server

<mailman.32.1645063144.8148.kerberos@mit.edu>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=222&group=comp.protocols.kerberos#222

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: mzagr...@d.umn.edu (Matt Zagrabelny)
Newsgroups: comp.protocols.kerberos
Subject: Re: unexpected failure for GSS Pg server
Date: Wed, 16 Feb 2022 19:58:27 -0600
Organization: TNet Consulting
Lines: 28
Message-ID: <mailman.32.1645063144.8148.kerberos@mit.edu>
References: <CAOLfK3WxoVrNQdwjtoM9tv1ED_6c5C8vAWDB38OVWZBYTnV9Lg@mail.gmail.com>
<CAOLfK3VPayYwxxDqQMH3urg3kL3=sKfsTkDkVphCJP9KDEq6=w@mail.gmail.com>
<20220208230121.ofmo6nj6k6gra4dn@maia.oucs.ox.ac.uk>
<CAOLfK3Xki=zKNgwBVXwhHM0EXgbd+rchq_KY=e6b3Btvj6PcKA@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="31896"; mail-complaints-to="newsmaster@tnetconsulting.net"
Cc: kerberos <kerberos@mit.edu>
To: Dameon Wagner <dameon.wagner@it.ox.ac.uk>
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=O0IaXTpDGP0GE5+fKTEyB1C/nwkQ/1kQcHpL8CLP5iCfzIS6kAT/Vxf60gvxb93JYx6Cov6w880n4SCquDFIXHeSfyq/+OmUqxufk/mKaCZGnWD5bx+u7cLuvUWXf4eR0EgahyJJTZP0D1CuSoMNRe11kPnXanemjx6eyiFQfhr/ihK6H5lxjPVgu7rsxSzFnu3Ied7R8lLgQchWsXneGF+ooQWUiWKwV0R6bghC2T753YrhAHGce4yFKvhy/rafHAku0JMZQhO9YRLJUobF/RktqrR6lM4OKS1kGnMSaCta+bGAQXJAFdhIFAG4xNh8cMhPz3Ky8bQIF2gn4UwuFw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=EAmi4DaQis4Lr+1Jehl0vslnepDsdgHKHiwWlpM1HI8=;
b=aHvjAnO5InLarwYwVFoL8Fn249d69kvNQxuCTi2Vlw0u6CvlTssjIsuYTI7Nz1v2BfZ0Fck/u12q2N9bYavQIEQiPUaaYHgp7yiPv314qMSbVnc7Bj70LnXZsrR9WsmzBuJONmLpQdZsrTxkVW9KpvZQSXYKxvQsIInv1lud7ZVi6ag2OStbGXaN8Hcp2GKSMJuORKB9B2QYRzJG+aOH1Qxc7ZoYm9q8YnqnAfViQYG54sLZqns6oTYmY3O8EwZl5kV4pLdVDXbV8R3ZYkrsqHUl6XyCVWgZ1xNM8im7nFD0inodxbjSDw43ykTr2AsCqYxI2gm2DYEwbiEsSwQc+w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
134.84.196.205) smtp.rcpttodomain=mit.edu smtp.mailfrom=d.umn.edu; dmarc=pass
(p=reject sp=reject pct=100) action=none header.from=d.umn.edu; dkim=pass
(signature was verified) header.d=d.umn.edu; arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=EAmi4DaQis4Lr+1Jehl0vslnepDsdgHKHiwWlpM1HI8=;
b=r03rMvvOT0tsRuieiIdQ8xiAvVXK2+4s3pJFRV7IfMohkXL2lNf9snYVKKA7N1qHF3P2cv1Pc6uNT2ymXsZ+QjqbjQlPJf1u+lhhPQ990sqiYv6XUEgqZ/AtAPVfac7rZB0hHAiewqxk/tc5J4zPmq4LJ9nn4vFA54hxWMM7HaQ=
Authentication-Results: spf=pass (sender IP is 134.84.196.205)
smtp.mailfrom=d.umn.edu; dkim=pass (signature was verified)
header.d=d.umn.edu;dmarc=pass action=none header.from=d.umn.edu;
Received-SPF: Pass (protection.outlook.com: domain of d.umn.edu designates
134.84.196.205 as permitted sender) receiver=protection.outlook.com;
client-ip=134.84.196.205; helo=mta-p5.oit.umn.edu;
X-Virus-Scanned: amavisd-new at umn.edu
DMARC-Filter: OpenDMARC Filter v1.3.2 mta-p5.oit.umn.edu 4JzdKC3twNz9vBqk
DKIM-Filter: OpenDKIM Filter v2.11.0 mta-p5.oit.umn.edu 4JzdKC3twNz9vBqk
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=d.umn.edu; s=google;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc; bh=EAmi4DaQis4Lr+1Jehl0vslnepDsdgHKHiwWlpM1HI8=;
b=LSLHavN2zq6pBb765MIvXjyFI5Vs+FydrGPk5W55kWfk6TAizfqfnLoefR43NI5fnf
KGCDMPo8QF/WxR/R1GjpaENwjlRDHNjiXyimNf+a1G3t+22KScX8jUH17rO129fDj5Tl
f2jNoS4eKqATj+AinXrF552cn9xo8MK/T2YDoyo3HxoSLQ+bxjJbQL/OQBoAkYEIZ2Jj
Z0Dcqt0Wkdq2/gjXhAVNR89MX/eLgN1k2521eysASs7AjC9eatgwxpYiCi5yT0xNi5n0
9JJKsqH/+jR10Yuf5cOVQ5FMOEu3t8zCfr5jW5SQMsBbpod3uhbFuEmiP5F1pRdj73IS
SQjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=EAmi4DaQis4Lr+1Jehl0vslnepDsdgHKHiwWlpM1HI8=;
b=RaFlMOQ3thsGIQNvvytl53JzSHrTRw8Ic8fejAXIopx1aDW3UmO2C0NmP+Zrz945Jb
jLgVXgpJrudvkKJNM7RRXGYJR77WHqbCUgg0BIsbx6veu11XUZt5WwFdcjrHfUPv5uwp
h2C4KCcZ1sYA124UhpTGy1n/s9gIAuPNA4ZPUKseScZJtHBGq2nehk4cBVQ60Ko52pnm
LlB7lkWdu/XhKqrR2s4Ns8K85posfzzHvxiClwsmv+1lZFS2Pmm8P9fZlHdTqsMcgJ4k
XJ8KIrX43jBR0Tqc78ca94SNk+L2kLr8AklbWMC6KnmYmZCUTVZaT1s+qL3Z9hGxLZDe
abQg==
X-Gm-Message-State: AOAM532XHSgUO3qELVxjMrsbjO2pvy5LZicOZ8vn+RuiRH/p47tYPS1O
8kFFOp77m3zvffBWRt6MR5X94wf/KupIiw8P8UkyLV4Duai6LZuuhJHOlN0X0Icq8t/3xeZSM6e
EXJjU4tBTFb32xa86K3NRBCZskf8R
X-Received: by 2002:a05:620a:748:b0:5e9:6750:d54c with SMTP id
i8-20020a05620a074800b005e96750d54cmr364167qki.25.1645063118819;
Wed, 16 Feb 2022 17:58:38 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzo+eccb7q+g6myU9KQgsysG0wf9SVQH+JBlxaSzYm+XAFqH4dtCdaAav0A/ScdK2keStO1Fa0iwjjnSzMaEH8=
X-Received: by 2002:a05:620a:748:b0:5e9:6750:d54c with SMTP id
i8-20020a05620a074800b005e96750d54cmr364159qki.25.1645063118618; Wed, 16 Feb
2022 17:58:38 -0800 (PST)
In-Reply-To: <20220208230121.ofmo6nj6k6gra4dn@maia.oucs.ox.ac.uk>
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 45397468-b0a3-4da1-c0c2-08d9f1b904b5
X-MS-TrafficTypeDiagnostic: BL0PR01MB4403:EE_
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-Microsoft-Antispam-PRVS: <BL0PR01MB440319ED444B59B48743B5AE99369@BL0PR01MB4403.prod.exchangelabs.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:8882;
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: ZFL2eX/hEJoV2mio21Oc2dqeA2kkKe2Rt0JWN8YKwDspeTJ7Tzqc9ciZIWNOsa9Doyq11BfolGxNYG5S7cAs42RXD5ESTGJOLQVW56jYNQOqtmXNY9RAK/oCFgd0SltulKieQh0UvyT7x15t8fT/HDc4GmINSAHYK6ba4aSPFnZZkMMjnzwMn3db8Q59CSxee4aYrUYwmvpIktFmF+iOsG3JEy1yQpaPGuYnvvkn23fwLXu6/Ed/xxP5v8AUvnfHqdr0Ktf4cllLK9X1Cg6RciihceRKlnFCUWjy1xthtzloSSceY8hamp4yeMMUPxLiqNcBSBoxHlGJvxhBKdfP8TYJhld5NXZ0HZWWjMPkdAPmcpgJRSyMuJxfLmAQKiYVnrAqaOcj8ikcusBRGJnTfs2i32JlZ5NSvV17X2/rT+c3qebtjri0xDkXsEEgBT/suulNy/Wu9B62q42FLoYAik6tgI20ND8Pj1zWrhTRJXclyAwjSQkFUuGBM3Ec10YDL8b8VqAVVKeK7qpcZzfuqygk/OpvMlXZQhdX755HQyOQnTU+j/OK8SDolQ9oGoo9JpTVU4MFoMHCsGHfgGRmmlUVDE7GI293+mlNHcNQ33Q=
X-Forefront-Antispam-Report: CIP:134.84.196.205; CTRY:US; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:mta-p5.oit.umn.edu; PTR:mta-p5.oit.umn.edu; CAT:NONE;
SFS:(13230001)(4636009)(2906002)(68406010)(8676002)(55446002)(75432002)(86362001)(5660300002)(6862004)(4326008)(83380400001)(70586007)(336012)(26005)(6666004)(7596003)(316002)(356005)(508600001)(786003)(9686003)(53546011)(42186006)(33964004);
DIR:OUT; SFP:1102;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Feb 2022 01:58:39.9587 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 45397468-b0a3-4da1-c0c2-08d9f1b904b5
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT054.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR01MB4403
X-OriginatorOrg: mitprod.onmicrosoft.com
X-Content-Filtered-By: Mailman/MimeDel 2.1.34
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <CAOLfK3Xki=zKNgwBVXwhHM0EXgbd+rchq_KY=e6b3Btvj6PcKA@mail.gmail.com>
X-Mailman-Original-References: <CAOLfK3WxoVrNQdwjtoM9tv1ED_6c5C8vAWDB38OVWZBYTnV9Lg@mail.gmail.com>
<CAOLfK3VPayYwxxDqQMH3urg3kL3=sKfsTkDkVphCJP9KDEq6=w@mail.gmail.com>
<20220208230121.ofmo6nj6k6gra4dn@maia.oucs.ox.ac.uk>
 by: Matt Zagrabelny - Thu, 17 Feb 2022 01:58 UTC

On Tue, Feb 8, 2022 at 5:03 PM Dameon Wagner <dameon.wagner@it.ox.ac.uk>
wrote:

>
> Armed with that information, the most likely solution would be to
> extract a fresh keytab (using either the kadmin "ktadd" subcommand, or
> the handy `k5srvutil` command).
>

Thanks for the detailed instructions, Dameon!

Do you know why performing the ktadd increases the kvno? I believe that is
what tripped me up. I thought I was just "re-exporting" the key from the
KDC.

>
> It may appear a bit old, but the O'Reilly book is still a classic
> resource for becoming familiar with Kerberos and how it functions.
>

Ha! Yup! That book is in the office and I have been WFH for the last two
years. :/

Thanks again for the help!

-m

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor