Bug#550606: libapache2-mod-auth-kerb: Multiple (redundant?) queries to KDC

Denis Feklushkin Sun, 11 Oct 2009 07:34:33 -0700

Package: libapache2-mod-auth-kerb
Version: 5.3-5+b1
Severity: minor

On my system module makes a fairly large number of similar requests in
KDC. In this case, the authentication process has been delayed for
several minutes.



apache log:
www.h-----g.com:80 192.168.1.75 - tes...@h-----g.com [11/Oct/2009:22:04:05 
+0800] "GET /profile/ HTTP/1.1" 200 477 "-" "Mozilla/5.0 (X11; U; Linux i686; 
ru; rv:1.9.0.13) Gecko/2009082121 Iceweasel/3.0.6 (Debian-3.0.6-3)"
www.h-----g.com:80 192.168.1.75 - - [11/Oct/2009:22:07:48 +0800] "GET 
/favicon.ico HTTP/1.1" 404 271 "-" "Mozilla/5.0 (X11; U; Linux i686; ru; 
rv:1.9.0.13) Gecko/2009082121 Iceweasel/3.0.6 (Debian-3.0.6-3)"

I.e., apache2 received browser request in 22:04:05.
And only in ~22:07:30 answer to requested page was successfully
received by browser. (End time is not written to the log)
When using the browser google chrome is the same

During this time the KDC log was filled with the same type of queries
(see attach)


apache2 config:

<VirtualHost *:80>
        Servername h-----g.com
        Redirect permanent / http://www.h-----g.com/
</VirtualHost>

<VirtualHost *:80>
        Servername www.h-----g.com
        DocumentRoot /var/www/www.h-----g.com
        <Directory /var/www/www.h-----g.com/profile>
            AuthType Kerberos
            KrbServiceName "webinterface/webser...@h-----g.com"
            Krb5Keytab /etc/apache2/krb5.keytab
            Require valid-user
            KrbMethodNegotiate off
        </Directory>
</VirtualHost>


/etc/hosts:

# cat /etc/hosts

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

192.168.1.75    h-----g.com www.h-----g.com webserver
127.0.0.1       admin.h-----g.com
192.168.1.75    db kdc



-- System Information:
Debian Release: squeeze/sid
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'proposed-updates'), (500,
'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386
(i686)

Kernel: Linux 2.6.30-1-686 (SMP w/1 CPU core)
Locale: LANG=ru_RU.utf8, LC_CTYPE=ru_RU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libapache2-mod-auth-kerb depends on:
ii  apache2.2-common         2.2.9-10+lenny4 Apache HTTP Server common
files ii  krb5-config              1.22            Configuration files
for Kerberos V ii  libc6                    2.9-25          GNU C
Library: Shared libraries ii  libcomerr2               1.41.9-1
common error description library ii  libgssapi-krb5-2
1.7dfsg~beta3-1 MIT Kerberos runtime libraries - k ii
libk5crypto3             1.7dfsg~beta3-1 MIT Kerberos runtime libraries
- C ii  libkrb5-3                1.7dfsg~beta3-1 MIT Kerberos runtime
libraries

libapache2-mod-auth-kerb recommends no packages.

libapache2-mod-auth-kerb suggests no packages.

-- debconf-show failed

2009-10-11T22:04:03 AS-REQ u...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:04:03 Client sent patypes: encrypted-timestamp
2009-10-11T22:04:03 Looking for PKINIT pa-data -- u...@h-----g.com
2009-10-11T22:04:03 Looking for ENC-TS pa-data -- u...@h-----g.com
2009-10-11T22:04:03 ENC-TS Pre-authentication succeeded -- u...@h-----g.com using aes256-cts-hmac-sha1-96
2009-10-11T22:04:03 Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, des-cbc-crc, des-cbc-md5, des-cbc-md4
2009-10-11T22:04:03 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2009-10-11T22:04:03 Requested flags: renewable_ok, proxiable, forwardable
2009-10-11T22:04:03 AS-REQ authtime: 2009-10-11T22:04:03 starttime: unset endtime: 2009-10-12T22:03:57 renew till: unset
2009-10-11T22:04:03 sending 632 bytes to IPv4:192.168.1.75
2009-10-11T22:04:05 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:04:05 No preauth found, returning PREAUTH-REQUIRED -- tes...@h-----g.com
2009-10-11T22:04:05 sending 414 bytes to IPv4:192.168.1.75
2009-10-11T22:04:09 TGS-REQ u...@h-----g.com from IPv4:192.168.1.75 for webinterface/webser...@h-----g.com [canonicalize, proxiable, forwardable]
2009-10-11T22:04:09 TGS-REQ authtime: 2009-10-11T22:04:03 starttime: 2009-10-11T22:04:09 endtime: 2009-10-12T22:03:57 renew till: unset
2009-10-11T22:04:09 sending 647 bytes to IPv4:192.168.1.75
2009-10-11T22:04:11 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:04:11 Client sent patypes: encrypted-timestamp
2009-10-11T22:04:11 Looking for PKINIT pa-data -- tes...@h-----g.com
2009-10-11T22:04:11 Looking for ENC-TS pa-data -- tes...@h-----g.com
2009-10-11T22:04:11 ENC-TS Pre-authentication succeeded -- tes...@h-----g.com using aes256-cts-hmac-sha1-96
2009-10-11T22:04:11 Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, des-cbc-crc, des-cbc-md5, des-cbc-md4
2009-10-11T22:04:11 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2009-10-11T22:04:11 Requested flags: renewable_ok, proxiable, forwardable
2009-10-11T22:04:11 AS-REQ authtime: 2009-10-11T22:04:11 starttime: unset endtime: 2009-10-12T22:04:05 renew till: unset
2009-10-11T22:04:11 sending 644 bytes to IPv4:192.168.1.75
2009-10-11T22:04:18 AS-REQ u...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:04:18 No preauth found, returning PREAUTH-REQUIRED -- u...@h-----g.com
2009-10-11T22:04:18 sending 386 bytes to IPv4:192.168.1.75
2009-10-11T22:04:19 TGS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for webinterface/webser...@h-----g.com [canonicalize, proxiable, forwardable]
2009-10-11T22:04:19 TGS-REQ authtime: 2009-10-11T22:04:11 starttime: 2009-10-11T22:04:19 endtime: 2009-10-12T22:04:05 renew till: unset
2009-10-11T22:04:19 sending 656 bytes to IPv4:192.168.1.75
2009-10-11T22:04:26 AS-REQ u...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:04:26 Client sent patypes: encrypted-timestamp
2009-10-11T22:04:26 Looking for PKINIT pa-data -- u...@h-----g.com
2009-10-11T22:04:26 Looking for ENC-TS pa-data -- u...@h-----g.com
2009-10-11T22:04:26 ENC-TS Pre-authentication succeeded -- u...@h-----g.com using aes256-cts-hmac-sha1-96
2009-10-11T22:04:26 Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, des-cbc-crc, des-cbc-md5, des-cbc-md4
2009-10-11T22:04:26 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2009-10-11T22:04:26 Requested flags: renewable_ok, proxiable, forwardable
2009-10-11T22:04:26 AS-REQ authtime: 2009-10-11T22:04:26 starttime: unset endtime: 2009-10-12T22:04:18 renew till: unset
2009-10-11T22:04:26 sending 632 bytes to IPv4:192.168.1.75
2009-10-11T22:04:27 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:04:27 No preauth found, returning PREAUTH-REQUIRED -- tes...@h-----g.com
2009-10-11T22:04:27 sending 414 bytes to IPv4:192.168.1.75
2009-10-11T22:04:35 TGS-REQ u...@h-----g.com from IPv4:192.168.1.75 for webinterface/webser...@h-----g.com [canonicalize, proxiable, forwardable]
2009-10-11T22:04:35 TGS-REQ authtime: 2009-10-11T22:04:26 starttime: 2009-10-11T22:04:35 endtime: 2009-10-12T22:04:18 renew till: unset
2009-10-11T22:04:35 sending 647 bytes to IPv4:192.168.1.75
2009-10-11T22:04:36 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:04:36 Client sent patypes: encrypted-timestamp
2009-10-11T22:04:36 Looking for PKINIT pa-data -- tes...@h-----g.com
2009-10-11T22:04:36 Looking for ENC-TS pa-data -- tes...@h-----g.com
2009-10-11T22:04:36 ENC-TS Pre-authentication succeeded -- tes...@h-----g.com using aes256-cts-hmac-sha1-96
2009-10-11T22:04:36 Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, des-cbc-crc, des-cbc-md5, des-cbc-md4
2009-10-11T22:04:36 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2009-10-11T22:04:36 Requested flags: renewable_ok, proxiable, forwardable
2009-10-11T22:04:36 AS-REQ authtime: 2009-10-11T22:04:36 starttime: unset endtime: 2009-10-12T22:04:27 renew till: unset
2009-10-11T22:04:36 sending 644 bytes to IPv4:192.168.1.75
2009-10-11T22:04:44 TGS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for webinterface/webser...@h-----g.com [canonicalize, proxiable, forwardable]
2009-10-11T22:04:44 TGS-REQ authtime: 2009-10-11T22:04:36 starttime: 2009-10-11T22:04:44 endtime: 2009-10-12T22:04:27 renew till: unset
2009-10-11T22:04:44 sending 656 bytes to IPv4:192.168.1.75
2009-10-11T22:04:52 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:04:52 No preauth found, returning PREAUTH-REQUIRED -- tes...@h-----g.com
2009-10-11T22:04:52 sending 414 bytes to IPv4:192.168.1.75
2009-10-11T22:05:00 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:05:00 Client sent patypes: encrypted-timestamp
2009-10-11T22:05:00 Looking for PKINIT pa-data -- tes...@h-----g.com
2009-10-11T22:05:00 Looking for ENC-TS pa-data -- tes...@h-----g.com
2009-10-11T22:05:00 ENC-TS Pre-authentication succeeded -- tes...@h-----g.com using aes256-cts-hmac-sha1-96
2009-10-11T22:05:00 Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, des-cbc-crc, des-cbc-md5, des-cbc-md4
2009-10-11T22:05:00 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2009-10-11T22:05:00 Requested flags: renewable_ok, proxiable, forwardable
2009-10-11T22:05:00 AS-REQ authtime: 2009-10-11T22:05:00 starttime: unset endtime: 2009-10-12T22:04:52 renew till: unset
2009-10-11T22:05:00 sending 644 bytes to IPv4:192.168.1.75
2009-10-11T22:05:08 TGS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for webinterface/webser...@h-----g.com [canonicalize, proxiable, forwardable]
2009-10-11T22:05:08 TGS-REQ authtime: 2009-10-11T22:05:00 starttime: 2009-10-11T22:05:08 endtime: 2009-10-12T22:04:52 renew till: unset
2009-10-11T22:05:08 sending 656 bytes to IPv4:192.168.1.75
2009-10-11T22:05:16 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:05:16 No preauth found, returning PREAUTH-REQUIRED -- tes...@h-----g.com
2009-10-11T22:05:16 sending 414 bytes to IPv4:192.168.1.75
2009-10-11T22:05:24 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:05:24 Client sent patypes: encrypted-timestamp
2009-10-11T22:05:24 Looking for PKINIT pa-data -- tes...@h-----g.com
2009-10-11T22:05:24 Looking for ENC-TS pa-data -- tes...@h-----g.com
2009-10-11T22:05:24 ENC-TS Pre-authentication succeeded -- tes...@h-----g.com using aes256-cts-hmac-sha1-96
2009-10-11T22:05:24 Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, des-cbc-crc, des-cbc-md5, des-cbc-md4
2009-10-11T22:05:24 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2009-10-11T22:05:24 Requested flags: renewable_ok, proxiable, forwardable
2009-10-11T22:05:24 AS-REQ authtime: 2009-10-11T22:05:24 starttime: unset endtime: 2009-10-12T22:05:16 renew till: unset
2009-10-11T22:05:24 sending 644 bytes to IPv4:192.168.1.75
2009-10-11T22:05:32 TGS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for webinterface/webser...@h-----g.com [canonicalize, proxiable, forwardable]
2009-10-11T22:05:32 TGS-REQ authtime: 2009-10-11T22:05:24 starttime: 2009-10-11T22:05:32 endtime: 2009-10-12T22:05:16 renew till: unset
2009-10-11T22:05:32 sending 656 bytes to IPv4:192.168.1.75
2009-10-11T22:05:41 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:05:41 No preauth found, returning PREAUTH-REQUIRED -- tes...@h-----g.com
2009-10-11T22:05:41 sending 413 bytes to IPv4:192.168.1.75
2009-10-11T22:05:49 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:05:49 Client sent patypes: encrypted-timestamp
2009-10-11T22:05:49 Looking for PKINIT pa-data -- tes...@h-----g.com
2009-10-11T22:05:49 Looking for ENC-TS pa-data -- tes...@h-----g.com
2009-10-11T22:05:49 ENC-TS Pre-authentication succeeded -- tes...@h-----g.com using aes256-cts-hmac-sha1-96
2009-10-11T22:05:49 Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, des-cbc-crc, des-cbc-md5, des-cbc-md4
2009-10-11T22:05:49 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2009-10-11T22:05:49 Requested flags: renewable_ok, proxiable, forwardable
2009-10-11T22:05:49 AS-REQ authtime: 2009-10-11T22:05:49 starttime: unset endtime: 2009-10-12T22:05:41 renew till: unset
2009-10-11T22:05:49 sending 644 bytes to IPv4:192.168.1.75
2009-10-11T22:05:57 TGS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for webinterface/webser...@h-----g.com [canonicalize, proxiable, forwardable]
2009-10-11T22:05:57 TGS-REQ authtime: 2009-10-11T22:05:49 starttime: 2009-10-11T22:05:57 endtime: 2009-10-12T22:05:41 renew till: unset
2009-10-11T22:05:57 sending 656 bytes to IPv4:192.168.1.75
2009-10-11T22:06:05 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:06:05 No preauth found, returning PREAUTH-REQUIRED -- tes...@h-----g.com
2009-10-11T22:06:05 sending 414 bytes to IPv4:192.168.1.75
2009-10-11T22:06:14 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:06:14 Client sent patypes: encrypted-timestamp
2009-10-11T22:06:14 Looking for PKINIT pa-data -- tes...@h-----g.com
2009-10-11T22:06:14 Looking for ENC-TS pa-data -- tes...@h-----g.com
2009-10-11T22:06:14 ENC-TS Pre-authentication succeeded -- tes...@h-----g.com using aes256-cts-hmac-sha1-96
2009-10-11T22:06:14 Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, des-cbc-crc, des-cbc-md5, des-cbc-md4
2009-10-11T22:06:14 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2009-10-11T22:06:14 Requested flags: renewable_ok, proxiable, forwardable
2009-10-11T22:06:14 AS-REQ authtime: 2009-10-11T22:06:14 starttime: unset endtime: 2009-10-12T22:06:05 renew till: unset
2009-10-11T22:06:14 sending 644 bytes to IPv4:192.168.1.75
2009-10-11T22:06:22 TGS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for webinterface/webser...@h-----g.com [canonicalize, proxiable, forwardable]
2009-10-11T22:06:22 TGS-REQ authtime: 2009-10-11T22:06:14 starttime: 2009-10-11T22:06:22 endtime: 2009-10-12T22:06:05 renew till: unset
2009-10-11T22:06:22 sending 656 bytes to IPv4:192.168.1.75
2009-10-11T22:06:30 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:06:30 No preauth found, returning PREAUTH-REQUIRED -- tes...@h-----g.com
2009-10-11T22:06:30 sending 414 bytes to IPv4:192.168.1.75
2009-10-11T22:06:39 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:06:39 Client sent patypes: encrypted-timestamp
2009-10-11T22:06:39 Looking for PKINIT pa-data -- tes...@h-----g.com
2009-10-11T22:06:39 Looking for ENC-TS pa-data -- tes...@h-----g.com
2009-10-11T22:06:39 ENC-TS Pre-authentication succeeded -- tes...@h-----g.com using aes256-cts-hmac-sha1-96
2009-10-11T22:06:39 Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, des-cbc-crc, des-cbc-md5, des-cbc-md4
2009-10-11T22:06:39 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2009-10-11T22:06:39 Requested flags: renewable_ok, proxiable, forwardable
2009-10-11T22:06:39 AS-REQ authtime: 2009-10-11T22:06:39 starttime: unset endtime: 2009-10-12T22:06:30 renew till: unset
2009-10-11T22:06:39 sending 644 bytes to IPv4:192.168.1.75
2009-10-11T22:06:47 TGS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for webinterface/webser...@h-----g.com [canonicalize, proxiable, forwardable]
2009-10-11T22:06:47 TGS-REQ authtime: 2009-10-11T22:06:39 starttime: 2009-10-11T22:06:47 endtime: 2009-10-12T22:06:30 renew till: unset
2009-10-11T22:06:47 sending 656 bytes to IPv4:192.168.1.75
2009-10-11T22:06:55 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:06:55 No preauth found, returning PREAUTH-REQUIRED -- tes...@h-----g.com
2009-10-11T22:06:55 sending 414 bytes to IPv4:192.168.1.75
2009-10-11T22:07:03 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:07:03 Client sent patypes: encrypted-timestamp
2009-10-11T22:07:03 Looking for PKINIT pa-data -- tes...@h-----g.com
2009-10-11T22:07:03 Looking for ENC-TS pa-data -- tes...@h-----g.com
2009-10-11T22:07:03 ENC-TS Pre-authentication succeeded -- tes...@h-----g.com using aes256-cts-hmac-sha1-96
2009-10-11T22:07:03 Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, des-cbc-crc, des-cbc-md5, des-cbc-md4
2009-10-11T22:07:03 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2009-10-11T22:07:03 Requested flags: renewable_ok, proxiable, forwardable
2009-10-11T22:07:03 AS-REQ authtime: 2009-10-11T22:07:03 starttime: unset endtime: 2009-10-12T22:06:55 renew till: unset
2009-10-11T22:07:03 sending 644 bytes to IPv4:192.168.1.75
2009-10-11T22:07:12 TGS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for webinterface/webser...@h-----g.com [canonicalize, proxiable, forwardable]
2009-10-11T22:07:12 TGS-REQ authtime: 2009-10-11T22:07:03 starttime: 2009-10-11T22:07:12 endtime: 2009-10-12T22:06:55 renew till: unset
2009-10-11T22:07:12 sending 656 bytes to IPv4:192.168.1.75
2009-10-11T22:07:20 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:07:20 No preauth found, returning PREAUTH-REQUIRED -- tes...@h-----g.com
2009-10-11T22:07:20 sending 414 bytes to IPv4:192.168.1.75
2009-10-11T22:07:28 AS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for krbtgt/h-----g....@h-----g.com
2009-10-11T22:07:28 Client sent patypes: encrypted-timestamp
2009-10-11T22:07:28 Looking for PKINIT pa-data -- tes...@h-----g.com
2009-10-11T22:07:28 Looking for ENC-TS pa-data -- tes...@h-----g.com
2009-10-11T22:07:28 ENC-TS Pre-authentication succeeded -- tes...@h-----g.com using aes256-cts-hmac-sha1-96
2009-10-11T22:07:28 Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, des-cbc-crc, des-cbc-md5, des-cbc-md4
2009-10-11T22:07:28 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2009-10-11T22:07:28 Requested flags: renewable_ok, proxiable, forwardable
2009-10-11T22:07:28 AS-REQ authtime: 2009-10-11T22:07:28 starttime: unset endtime: 2009-10-12T22:07:20 renew till: unset
2009-10-11T22:07:28 sending 644 bytes to IPv4:192.168.1.75
2009-10-11T22:07:36 TGS-REQ tes...@h-----g.com from IPv4:192.168.1.75 for webinterface/webser...@h-----g.com [canonicalize, proxiable, forwardable]
2009-10-11T22:07:36 TGS-REQ authtime: 2009-10-11T22:07:28 starttime: 2009-10-11T22:07:36 endtime: 2009-10-12T22:07:20 renew till: unset
2009-10-11T22:07:36 sending 656 bytes to IPv4:192.168.1.75

signature.asc
Description: PGP signature

Bug#550606: libapache2-mod-auth-kerb: Multiple (redundant?) queries to KDC

Reply via email to