[Bug 245623] infinite growth of krb5cc while requesting data from trusted domain
bugzilla-noreply at freebsd.org
Tue Apr 14 19:46:30 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245623
Bug ID: 245623
Summary: infinite growth of krb5cc while requesting data from trusted domain
Product: Base System
Version: 11.3-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: bin
Assignee: bugs at FreeBSD.org
Reporter: bugs.freebsd.org at mx.zzux.com
I have 2 AD domains with a mutual trust relationship, 'main.local' &
'trusted.local'.
There is a keytab issued for server at main.local.
> kinit -t "${keytab_file}" "server at main.local"
> klist
Credentials cache: FILE:/ram-disk/krb5cc
Principal: SERVER at MAIN.LOCAL
Issued Expires Principal
Apr 14 19:24:10 2020 Apr 15 05:24:10 2020 krbtgt/MAIN.LOCAL at MAIN.LOCAL
Now repeat the command below several times:
> ldapsearch -o ldif-wrap=no -LLL -h main.local -Q -Y GSSAPI -b "dc=main,dc=local" "(cn=guest)" cn
dn: CN=Guest,CN=Users,DC=main,DC=local
cn: Guest
# refldap://ForestDnsZones.main.local/DC=ForestDnsZones,DC=main,DC=local
# refldap://DomainDnsZones.main.local/DC=DomainDnsZones,DC=main,DC=local
# refldap://main.local/CN=Configuration,DC=main,DC=local
> klist
Credentials cache: FILE:/ram-disk/krb5cc
Principal: SERVER at MAIN.LOCAL
Issued Expires Principal
Apr 14 19:24:10 2020 Apr 15 05:24:10 2020 krbtgt/MAIN.LOCAL at MAIN.LOCAL
Apr 14 19:25:49 2020 Apr 15 05:24:10 2020 ldap/dc.MAIN.local at MAIN.LOCAL
It's ok.
And now repeat the same command, but for the trusted domain:
> ldapsearch -o ldif-wrap=no -LLL -h trusted.local -Q -Y GSSAPI -b "dc=trusted,dc=local" "(cn=guest)" cn
dn: CN=Guest,CN=Users,DC=trusted,DC=local
cn: Guest
# refldap://ForestDnsZones.trusted.local/DC=ForestDnsZones,DC=trusted,DC=local
# refldap://DomainDnsZones.trusted.local/DC=DomainDnsZones,DC=trusted,DC=local
# refldap://trusted.local/CN=Configuration,DC=trusted,DC=local
> klist
Credentials cache: FILE:/ram-disk/krb5cc
Principal: SERVER at MAIN.LOCAL
Issued Expires Principal
Apr 14 19:24:10 2020 Apr 15 05:24:10 2020 krbtgt/MAIN.LOCAL at MAIN.LOCAL
Apr 14 19:25:49 2020 Apr 15 05:24:10 2020 ldap/dc.MAIN.local at MAIN.LOCAL
Apr 14 19:30:41 2020 Apr 15 05:24:10 2020 krbtgt/TRUSTED.LOCAL at MAIN.LOCAL
Apr 14 19:30:42 2020 Apr 15 05:24:10 2020 ldap/dc.TRUSTED.local at TRUSTED.LOCAL
Apr 14 19:30:43 2020 Apr 15 05:24:10 2020 krbtgt/TRUSTED.LOCAL at MAIN.LOCAL
Apr 14 19:30:42 2020 Apr 15 05:24:10 2020 ldap/dc.TRUSTED.local at TRUSTED.LOCAL
Apr 14 19:30:43 2020 Apr 15 05:24:10 2020 krbtgt/TRUSTED.LOCAL at MAIN.LOCAL
Apr 14 19:30:42 2020 Apr 15 05:24:10 2020 ldap/dc.TRUSTED.local at TRUSTED.LOCAL
Apr 14 19:30:44 2020 Apr 15 05:24:10 2020 krbtgt/TRUSTED.LOCAL at MAIN.LOCAL
Apr 14 19:30:42 2020 Apr 15 05:24:10 2020 ldap/dc.TRUSTED.local at TRUSTED.LOCAL
Apr 14 19:30:44 2020 Apr 15 05:24:10 2020 krbtgt/TRUSTED.LOCAL at MAIN.LOCAL
Apr 14 19:30:42 2020 Apr 15 05:24:10 2020 ldap/dc.TRUSTED.local at TRUSTED.LOCAL
Every time the command is run, two new records are added to the cache. This
makes operation slower and slower.
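A check for the symptom described in this report, as an added example that is not part of the original bug report: it counts how often each service principal appears in a `klist` listing, so a monitoring job can flag a credentials cache that keeps accumulating repeated cross-realm entries. The function names and the sample listing are constructed for illustration; the sample writes principals with `@`, and the parser assumes the "Issued Expires Principal" layout shown above.

```sh
#!/bin/sh
# Added example, not from the bug report. Typical use: klist | ccache_dupes

# ccache_dupes: read a klist listing on stdin and print "<count> <principal>"
# for every principal that occurs more than once, highest count first.
ccache_dupes() {
    awk '
        # Ticket lines: 4-field issue time, 4-field expiry time, then principal.
        # Header lines ("Credentials cache:", "Principal:") do not match.
        $1 ~ /^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)$/ && NF >= 9 {
            p = $9
            for (i = 10; i <= NF; i++) p = p " " $i
            seen[p]++
        }
        END { for (p in seen) if (seen[p] > 1) print seen[p], p }
    ' | sort -k1,1nr -k2
}

# ccache_check LIMIT: succeed only if no principal appears more than LIMIT times.
ccache_check() {
    limit=$1
    worst=$(ccache_dupes | awk 'NR == 1 { print $1 }')
    [ "${worst:-1}" -le "$limit" ]
}

# Constructed sample listing that mirrors the growth pattern in the report.
sample_klist() {
    cat <<'EOF'
Credentials cache: FILE:/ram-disk/krb5cc
Principal: SERVER@MAIN.LOCAL
Issued Expires Principal
Apr 14 19:24:10 2020 Apr 15 05:24:10 2020 krbtgt/MAIN.LOCAL@MAIN.LOCAL
Apr 14 19:25:49 2020 Apr 15 05:24:10 2020 ldap/dc.MAIN.local@MAIN.LOCAL
Apr 14 19:30:41 2020 Apr 15 05:24:10 2020 krbtgt/TRUSTED.LOCAL@MAIN.LOCAL
Apr 14 19:30:42 2020 Apr 15 05:24:10 2020 ldap/dc.TRUSTED.local@TRUSTED.LOCAL
Apr 14 19:30:43 2020 Apr 15 05:24:10 2020 krbtgt/TRUSTED.LOCAL@MAIN.LOCAL
Apr 14 19:30:42 2020 Apr 15 05:24:10 2020 ldap/dc.TRUSTED.local@TRUSTED.LOCAL
Apr 14 19:30:43 2020 Apr 15 05:24:10 2020 krbtgt/TRUSTED.LOCAL@MAIN.LOCAL
Apr 14 19:30:42 2020 Apr 15 05:24:10 2020 ldap/dc.TRUSTED.local@TRUSTED.LOCAL
EOF
}

# Demonstration on the constructed sample.
sample_klist | ccache_dupes
```

A cron job can run `klist | ccache_check 1` and alert on a non-zero exit status.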