Date: Tue, 14 Apr 2020 19:46:30 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 245623] infinite growth of krb5cc while requesting data from trusted domain
Message-ID: <bug-245623-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245623

            Bug ID: 245623
           Summary: infinite growth of krb5cc while requesting data from
                    trusted domain
           Product: Base System
           Version: 11.3-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: bugs.freebsd.org@mx.zzux.com

I have 2 AD domains with a mutual trust relationship, 'main.local' &
'trusted.local'.
There is a keytab issued for server@main.local.

> kinit -t "${keytab_file}" "server@main.local"
> klist
Credentials cache: FILE:/ram-disk/krb5cc
        Principal: SERVER@MAIN.LOCAL

  Issued                Expires               Principal
Apr 14 19:24:10 2020  Apr 15 05:24:10 2020  krbtgt/MAIN.LOCAL@MAIN.LOCAL

Now repeat the command below several times:

> ldapsearch -o ldif-wrap=no -LLL -h main.local -Q -Y GSSAPI -b "dc=main,dc=local" "(cn=guest)" cn
dn: CN=Guest,CN=Users,DC=main,DC=local
cn: Guest

# refldap://ForestDnsZones.main.local/DC=ForestDnsZones,DC=main,DC=local
# refldap://DomainDnsZones.main.local/DC=DomainDnsZones,DC=main,DC=local
# refldap://main.local/CN=Configuration,DC=main,DC=local

> klist
Credentials cache: FILE:/ram-disk/krb5cc
        Principal: SERVER@MAIN.LOCAL

  Issued                Expires               Principal
Apr 14 19:24:10 2020  Apr 15 05:24:10 2020  krbtgt/MAIN.LOCAL@MAIN.LOCAL
Apr 14 19:25:49 2020  Apr 15 05:24:10 2020  ldap/dc.MAIN.local@MAIN.LOCAL

It's OK.

And now repeat the same command, but for the trusted domain:

> ldapsearch -o ldif-wrap=no -LLL -h trusted.local -Q -Y GSSAPI -b "dc=trusted,dc=local" "(cn=guest)" cn
dn: CN=Guest,CN=Users,DC=trusted,DC=local
cn: Guest

# refldap://ForestDnsZones.trusted.local/DC=ForestDnsZones,DC=trusted,DC=local
# refldap://DomainDnsZones.trusted.local/DC=DomainDnsZones,DC=trusted,DC=local
# refldap://trusted.local/CN=Configuration,DC=trusted,DC=local

> klist
Credentials cache: FILE:/ram-disk/krb5cc
        Principal: SERVER@MAIN.LOCAL

  Issued                Expires               Principal
Apr 14 19:24:10 2020  Apr 15 05:24:10 2020  krbtgt/MAIN.LOCAL@MAIN.LOCAL
Apr 14 19:25:49 2020  Apr 15 05:24:10 2020  ldap/dc.MAIN.local@MAIN.LOCAL
Apr 14 19:30:41 2020  Apr 15 05:24:10 2020  krbtgt/TRUSTED.LOCAL@MAIN.LOCAL
Apr 14 19:30:42 2020  Apr 15 05:24:10 2020  ldap/dc.TRUSTED.local@TRUSTED.LOCAL
Apr 14 19:30:43 2020  Apr 15 05:24:10 2020  krbtgt/TRUSTED.LOCAL@MAIN.LOCAL
Apr 14 19:30:42 2020  Apr 15 05:24:10 2020  ldap/dc.TRUSTED.local@TRUSTED.LOCAL
Apr 14 19:30:43 2020  Apr 15 05:24:10 2020  krbtgt/TRUSTED.LOCAL@MAIN.LOCAL
Apr 14 19:30:42 2020  Apr 15 05:24:10 2020  ldap/dc.TRUSTED.local@TRUSTED.LOCAL
Apr 14 19:30:44 2020  Apr 15 05:24:10 2020  krbtgt/TRUSTED.LOCAL@MAIN.LOCAL
Apr 14 19:30:42 2020  Apr 15 05:24:10 2020  ldap/dc.TRUSTED.local@TRUSTED.LOCAL
Apr 14 19:30:44 2020  Apr 15 05:24:10 2020  krbtgt/TRUSTED.LOCAL@MAIN.LOCAL
Apr 14 19:30:42 2020  Apr 15 05:24:10 2020  ldap/dc.TRUSTED.local@TRUSTED.LOCAL

Every time the command is run, two new records are added to the cache.
This causes slower and slower operation.

-- 
You are receiving this mail because:
You are the assignee for the bug.
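
A check for the symptom reported above, as an added example that is not part of the original report: it reads klist output and lists every service principal that has more than one entry in the credentials cache. The function names are hypothetical, and it assumes the default klist table layout quoted in the report (issued date, expiry date, principal).

```shell
#!/bin/sh
# Added example (not from the bug report): flag a Kerberos credentials cache
# that has accumulated repeated entries for the same service principal.

# dup_principals: read klist output on stdin and print "COUNT PRINCIPAL" for
# each service principal that has more than one entry in the cache.
dup_principals() {
    awk '
        # A ticket line has 9 fields: issued (4), expires (4), principal (1).
        # Fields 4 and 8 are four-digit years, so header lines never match.
        NF == 9 && $4 ~ /^[0-9][0-9][0-9][0-9]$/ && $8 ~ /^[0-9][0-9][0-9][0-9]$/ {
            seen[$9]++
        }
        END {
            for (p in seen)
                if (seen[p] > 1)
                    printf "%d %s\n", seen[p], p
        }
    ' | LC_ALL=C sort -k2
}

# cache_has_duplicates: exit status 0 if any principal is repeated on stdin.
cache_has_duplicates() {
    [ -n "$(dup_principals)" ]
}

# Sample input abridged from the klist output quoted in the report.
sample_klist() {
    cat <<'EOF'
Credentials cache: FILE:/ram-disk/krb5cc
        Principal: SERVER@MAIN.LOCAL

  Issued                Expires               Principal
Apr 14 19:24:10 2020  Apr 15 05:24:10 2020  krbtgt/MAIN.LOCAL@MAIN.LOCAL
Apr 14 19:25:49 2020  Apr 15 05:24:10 2020  ldap/dc.MAIN.local@MAIN.LOCAL
Apr 14 19:30:41 2020  Apr 15 05:24:10 2020  krbtgt/TRUSTED.LOCAL@MAIN.LOCAL
Apr 14 19:30:42 2020  Apr 15 05:24:10 2020  ldap/dc.TRUSTED.local@TRUSTED.LOCAL
Apr 14 19:30:43 2020  Apr 15 05:24:10 2020  krbtgt/TRUSTED.LOCAL@MAIN.LOCAL
Apr 14 19:30:42 2020  Apr 15 05:24:10 2020  ldap/dc.TRUSTED.local@TRUSTED.LOCAL
EOF
}

# Stand-alone run on the sample; on a live system use: klist | dup_principals
sample_klist | dup_principals
```

Run from a periodic job as `klist | cache_has_duplicates`, this gives an early signal that a long-lived cache such as the FILE:/ram-disk/krb5cc one in the report is growing before lookups slow down.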
