Bug 828066 - klist says expiration date is in the past
klist says expiration date is in the past
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: krb5 (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Nalin Dahyabhai
BaseOS QE Security Team
Depends On:
  Show dependency treegraph
Reported: 2012-06-04 03:29 EDT by Michal Trunecka
Modified: 2014-09-30 19:33 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-06-11 03:57:13 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Michal Trunecka 2012-06-04 03:29:23 EDT
Description of problem:
I checked my kerberos credentials on RHEL7 and klist claim that expiration date of the ticket is in the past. See the following output from klist:

[root@dhcp-24-117 bz747239-quota_nld-and-similar]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: mtruneck@REDHAT.COM

Valid starting     Expires            Service principal
06/04/12 08:56:13  05/31/12 15:13:58  krbtgt/REDHAT.COM@REDHAT.COM
	renew until 06/04/12 08:56:13

Version-Release number of selected component (if applicable):

[root@dhcp-24-117 bz747239-quota_nld-and-similar]# rpm -qa krb5\*

How reproducible:

Steps to Reproduce:
1. Authenticate with kerberos (kinit)
2. Run klist
Actual results:
Expiration date is in the past

Expected results:
Expiration date is in the future

Additional info:

This is the same output on RHEL6.3:
[mtrunecka@dhcp-24-198 ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_501
Default principal: mtruneck@REDHAT.COM

Valid starting     Expires            Service principal
06/04/12 08:12:21  06/04/12 18:12:21  krbtgt/REDHAT.COM@REDHAT.COM
	renew until 06/04/12 08:12:21
Comment 1 Nalin Dahyabhai 2012-06-04 11:26:56 EDT
Please attach or paste in the contents of your /etc/krb5.conf file, so that we can be sure we're using the same settings that you are.
Comment 2 Michal Trunecka 2012-06-06 02:55:39 EDT
Here is my /etc/krb5.confL

[root@dhcp-24-117 ~]# cat /etc/krb5.conf 
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
# default_realm = EXAMPLE.COM

 default_realm = REDHAT.COM
 dns_lookup_kdc = false
#  kdc = kerberos.example.com
#  admin_server = kerberos.example.com
# }

  kdc = kerberos.corp.redhat.com
  admin_server = kerberos.corp.redhat.com

# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
 redhat.com = REDHAT.COM
 .redhat.com = REDHAT.COM
Comment 3 Nalin Dahyabhai 2012-06-06 10:32:01 EDT
Even with the same binaries and configuration, I couldn't reproduce this.  Are you certain that the date is correctly set on your client?
Comment 4 Michal Trunecka 2012-06-11 03:57:13 EDT
Yes, that's it, I had wrong time. It was virutal machine and it didn't synchronize the time. I'm sorry for this unneccessary bug report.

Note You need to log in before you can comment on or make changes to this bug.