[Bug 285775] kinit: krb5_get_init_creds: Clock skew too great after daylight saving time change in Europe

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 285775] kinit: krb5_get_init_creds: Clock skew too great after daylight saving time change in Europe"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 30 Mar 2025 13:53:17 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285775

--- Comment #1 from Marcin Cieślak <saper@saper.info> ---
Looks like the client time reported by kdc.log is really wrong.

Kerberos credential cache contains the old expired ticket before the DST
change:

> klist | sed '(rename)'
Credentials cache: FILE:/tmp/krb5cc_169
        Principal: saper@EXAMPLE.ORG

  Issued                Expires        Principal
Mar 29 18:43:10 2025  >>>Expired<<<  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
Mar 29 18:43:13 2025  >>>Expired<<<  host/o.example.org@EXAMPLE.ORG
Mar 29 18:43:21 2025  >>>Expired<<<  host/q.example.org@EXAMPLE.ORG
Mar 29 18:43:21 2025  >>>Expired<<<  host/q.example.org@EXAMPLE.ORG
Mar 29 18:43:21 2025  >>>Expired<<<  host/q.example.org@EXAMPLE.ORG

Workaround: Removing this fixes the problem

-- 
You are receiving this mail because:
You are the assignee for the bug.