jer@IDA.ORG (Eric Roskos) (03/28/89)
When I try to use the -x option with rlogin, the following happens: % rlogin csed-2 -x /usr/local/athena/rlogin: Kerberos rcmd failed: Service expired (kerberos). % What's causing this? There is no log entry made in kerberos.log, so I can't tell what service it thinks has expired. Without the -x option, it works fine.
jon@ATHENA.MIT.EDU (Jon Rochlis) (03/28/89)
It ought to be logged ... from check_princ in src/server/kerberos.c ...
/* make sure the service hasn't expired */
if ((u_long) p->exp_date < (u_long) kerb_time.tv_sec) {
/* service did expire, log it */
lt = klog(L_ERR_SEXP,
"EXPIRED \"%s\" \"%s\" %s", p->name, p->instance,
stime(&(p->exp_date)), 0);
return KERB_ERR_NAME_EXP;
}
The only services it could be looking for (off the top of my head)
should be rcmd.csed-2 and possibly some krbtgt if you're in a
different realm.
Do you get different results if you don't use -x ?
-- Jon
steiner@osf.org (03/28/89)
> When I try to use the -x option with rlogin, the following happens: > > % rlogin csed-2 -x > /usr/local/athena/rlogin: Kerberos rcmd failed: Service expired (kerberos). > % You may be getting a bogus error message. rlogin calls kcmd which calls krb_sendauth. krb_sendauth sometimes returns "errno" instead of a Kerberos error code (e.g., lines 206, 214 of the file lib/krb/sendauth.c). The "errno" value gets passed back to rlogin, which re-interprets it as a Kerberos error code, so the problem may have nothing to do with the error code rlogin is giving you. (In any case, this is a bug in krb_sendauth.) Jennifer