Hi Liam,
Did this start recently? I wonder if the recent (local) DNS changes might
have affected how Kerberos clients function.
Similarly, are there any differences between the two data centers? (There
were recent router changes to fix DNS problems on the one of the subnets
involved.)
--- Richard Conto
DNA Sequencing Core
Biomedical Research Core Facilities
Medical School Administration Office of Research
NCRC Bldg 14 room 168 -- (734) 764-7620
On Thu, May 29, 2014 at 2:18 PM, Liam Hoekenga <[email protected]> wrote:
> Our cosign installation uses kerberos and friend as the primary
> authenticators.
> We're getting instances of this error in our logs:
>
> Couldn't identify an authenticator for /USERNAME/
>
> I can find where this error occurs in the source code, but I can't really
> figure out what would trigger it. The problem usernames all seem to be
> valid, active kerberos principals, and our logs indicate that sometimes the
> problem usernames *are* able to authenticate.
>
> The failures are initiated by a wide variety of cosign service providers.
> They seem to happen in batches - we had ~360 between 14:00 - 14:15 today,
> though that might be a bad observation.. Splunk shows that we see ~5k-20k
> of these a day.
>
> Any ideas?
> Liam
>
>
> ------------------------------------------------------------------------------
> Time is money. Stop wasting it! Get your web API in 5 minutes.
> www.restlet.com/download
> http://p.sf.net/sfu/restlet
> _______________________________________________
> Cosign-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
>
>
------------------------------------------------------------------------------
Time is money. Stop wasting it! Get your web API in 5 minutes.
www.restlet.com/download
http://p.sf.net/sfu/restlet
_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
