Cannot authenticate to two particular machines from a specific host #89

opoplawski · 2023-12-13T19:48:54Z

opoplawski
Dec 13, 2023

We use gssproxy to allow a service user to run ansible plays against our windows hosts. Recently it started to fail to connect to one machine with the following error:

kerberos: the specified credentials were rejected by the server

Today, it started failing to connect to a second host as well. The user can connect to both of these machines from a nearly identical host in a different office.

I can reproduce the kerberos issue without gssproxy, so it's not really a gssproxy issue - but I'm hoping the gssproxy debug logs give more info about what is going wrong. KRB5_TRACE shows for the good:

[30881] 1702492207.386662: Creating authenticator for user@REALM -> WSMAN/hostname@REALM, seqnum 642265192, subkey aes256-cts/BE53, session key aes256-cts/59B2
[30881] 1702492207.386667: Read AP-REP, time 1702492223.386663, subkey aes256-cts/CE39, seqnum 1090943699

and for the bad:

[170509] 1702491673.709713: Creating authenticator for user@REALM -> WSMAN/hostname@REALM, seqnum 21301145, subkey aes256-cts/290D, session key aes256-cts/FC34
[170509] 1702491673.709720: ccselect module realm chose cache KEYRING:persistent:30707:30707 with client principal user@REALM for server principal WSMAN/hostname@REALM
[170509] 1702491673.709726: ccselect module realm chose cache KEYRING:persistent:30707:30707 with client principal user@REALM for server principal WSMAN/hostname@REALM

gssproxy debug output for a failing connection:

Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: Client [2023/12/13 19:43:45]: (/usr/bin/python3.11) [2023/12/13 19:43:45]:  connected (fd = 12)[2023/12/13 19:43:45]:  (pid = 173218) (uid = 30707) (gid = 30707)[2023/12/13 19:43:45]:  (context = unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023)[2023/12/13 19:43:45]:
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Handling query input: 0x55c4ca18a300 (100)
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: Connection matched service user
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Processing request [0x55c4ca18a300 (100)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Executing request 6 (GSSX_ACQUIRE_CRED) from [0x55c4ca18a300 (100)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: gp_rpc_execute: executing 6 (GSSX_ACQUIRE_CRED) for service "user", euid: 30707,socket: (null)
Dec 13 11:43:45 gssproxy[168936]:     GSSX_ARG_ACQUIRE_CRED( call_ctx: { "" [  ] } input_cred_handle: <Null> add_cred: 0 desired_name: <Null> time_req: 0 desired_mechs: { } cred_usage: INITIATE initiator_time_req: 0 acceptor_time_req: 0 )
Dec 13 11:43:45 gssproxy[168936]:     GSSX_RES_ACQUIRE_CRED( status: { 0 { 1 2 840 113554 1 2 2 } 0 "" "" [  ] } output_cred_handle: { { "user@REALM" { 1 2 840 113554 1 2 2 1 } [ 410b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d ] [ 420b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d0000 ] [ ] } [ { { "user@REALM" { 1 2 840 113554 1 2 2 1 } [ 410b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d ] [ 420b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d0000 ] [ ] } { 1 2 840 113554 1 2 2 } INITIATE 28880 0 } ] [ ffffffc2ffffff8f6d7affffffb1256ffffff8dffffff9dffffff9c3affffffec7e319346270ffffffd6304f7b3ffffffff84217ffffff8f65fffffffa0ffffffdbfffffff56452dffffffc5595e2abffffffae422a7f5711fffffff1781034ffffffedfffffffe68ffffff8bffffffb4ffffffee2affffff91ffffff94157a35ffffff85ffffffb2636041512dffffff86ffffffe21fffffffdcffffffe017fffffffb507c5effffffcf54ffffff9d17ffffffbf13fffffff163bffffffafffffffedffffff83ffffff85ffffffe7ffffff9d40ffffffd356ffffffa6632529ffffffe7effffffd83663bffffffa413ffffffcdffffffd0ffffffd8fffffff5744bffffffd34878ffffffc936ffffffb5ffffff8671bffffffffa9fffffff9ffffffb8ffffff87ffffff99ffffff89ffffffa9fffffff9d1a3ffffffd99ffffffe3ffffff8b45fffffffc367d2756fffffffa30ffffffecffffffec6e4dfffffffcb3b103165ffffffa2ffffff93f4e7ffffffd07b7effffffae465affffffa8fffffffa36d772c232f5fffffffd2ffffffb67ffffffe554ffffffe2ffffffe0ffffffaf79ffffffad4b5cc3bfffffffe22f2affffff91fffffff1467bffffffff303b262d7bffffffc560ffffffe3ffffffc84fffffffe13e40ffffffe245ffffffb344fffffffd7fffffff985118ffffff8b46ffffffa65fffffff81ffffff813effffff92ffffffdf652dffffff9a61fffffffcffffffbbffffffbc1f2816ffffffbdffffffee33 ] 0 } )
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Returned buffer 6 (GSSX_ACQUIRE_CRED) from [0x55c4ca18a300 (100)]: [0x7efe080a8370 (660)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Handling query output: 0x7efe080a8370 (660)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Handling query reply: 0x7efe080a8370 (660)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Sending data: 0x7efe080a8370 (660)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Sending data [0x7efe080a8370 (660)]: successful write of 660
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Handling query input: 0x55c4ca18bef0 (788)
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: Connection matched service user
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Processing request [0x55c4ca18bef0 (788)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Executing request 8 (GSSX_INIT_SEC_CONTEXT) from [0x55c4ca18bef0 (788)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: gp_rpc_execute: executing 8 (GSSX_INIT_SEC_CONTEXT) for service "user", euid: 30707,socket: (null)
Dec 13 11:43:45 gssproxy[168936]:     GSSX_ARG_INIT_SEC_CONTEXT( call_ctx: { "" [  ] } context_handle: <Null> cred_handle: { { "user@REALM" { 1 2 840 113554 1 2 2 1 } [ 410b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d ] [ 420b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d0000 ] [ ] } [ { { "user@REALM" { 1 2 840 113554 1 2 2 1 } [ 410b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d ] [ 420b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d0000 ] [ ] } { 1 2 840 113554 1 2 2 } INITIATE 28880 0 } ] [ ffffffc2ffffff8f6d7affffffb1256ffffff8dffffff9dffffff9c3affffffec7e319346270ffffffd6304f7b3ffffffff84217ffffff8f65fffffffa0ffffffdbfffffff56452dffffffc5595e2abffffffae422a7f5711fffffff1781034ffffffedfffffffe68ffffff8bffffffb4ffffffee2affffff91ffffff94157a35ffffff85ffffffb2636041512dffffff86ffffffe21fffffffdcffffffe017fffffffb507c5effffffcf54ffffff9d17ffffffbf13fffffff163bffffffafffffffedffffff83ffffff85ffffffe7ffffff9d40ffffffd356ffffffa6632529ffffffe7effffffd83663bffffffa413ffffffcdffffffd0ffffffd8fffffff5744bffffffd34878ffffffc936ffffffb5ffffff8671bffffffffa9fffffff9ffffffb8ffffff87ffffff99ffffff89ffffffa9fffffff9d1a3ffffffd99ffffffe3ffffff8b45fffffffc367d2756fffffffa30ffffffecffffffec6e4dfffffffcb3b103165ffffffa2ffffff93f4e7ffffffd07b7effffffae465affffffa8fffffffa36d772c232f5fffffffd2ffffffb67ffffffe554ffffffe2ffffffe0ffffffaf79ffffffad4b5cc3bfffffffe22f2affffff91fffffff1467bffffffff303b262d7bffffffc560ffffffe3ffffffc84fffffffe13e40ffffffe245ffffffb344fffffffd7fffffff985118ffffff8b46ffffffa65fffffff81ffffff813effffff92ffffffdf652dffffff9a61fffffffcffffffbbffffffbc1f2816ffffffbdffffffee33 ] 0 } target_name: { "http@hostname" { 1 2 840 113554 1 2 1 4 } [  ] [  ] [ ] } mech_type: { 1 2 840 113554 1 2 2 } req_flags: 10 time_req: 0 input_cb: <Null> input_token: [  ] [ { [ 73796e635f6d6f6469666965645f63726564730 ] [ 64656661756c740 ] } ] )
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: No impersonator credentials detected
Dec 13 11:43:45 gssproxy[168936]:     GSSX_RES_INIT_SEC_CONTEXT( status: { 1 { 1 2 840 113554 1 2 2 } 0 "The routine must be called again to complete its function" "" [  ] } context_handle: { [ 00092affffff8648ffffff86fffffff71212225effffffa1800010000000000000013a0000000000000000ffffffffffffffffffffffffffffffff0000ffffffffffffffffffffffffffffffff6579ffffffedc657a8ffffffdd657a79ffffffac65ffffff8327ffffff8c40ffffffa10000002bffffff984ffffffbe00000000ffffff97effffffa73700092affffff8648ffffff86fffffff712122ffffff97effffffa737ffffff97effffffa710001461707073746174734041442e4e5752412e434f4dffffff97effffffa71ffffff97effffffa7100024687474702f6f6c616c6c69652e61642e6e7772612e636f6d4041442e4e5752412e434f4dffffff97effffffa71ffffff97effffffa7300012000205a21ffffffa121ffffff94ffffffb0ffffffb41840ffffff947a7ffffff86ffffff89ffffffe2ffffff993948ffffffe9ffffffcf2c30fffffff3ffffffa5ffffffa43f5a215cffffffcd3b4ffffff97effffffa73ffffff97effffffa7240000000000000012c00010000100000054ffffff97effffffa725ffffffffffffffffffffffff6b00000001ffffff97effffffa725ffffffaaffffffca60120001000e2f6574632f6b7262352e636f6e66ffffffaaffffffca6012ffffff97effffffa724ffffff97effffffa729000400002bffffff984ffffffbe00ffffff803000000000effffff82ffffff88ffffff97effffffa7300012000205effffffa5ffffffb4ffffffc3d635ffffffab5fffffffa9162dffffff84ffffff9376ffffff88fffffffb405affffffe760ffffffd8ffffffb622ffffffd4ffffffedffffff8bffffffcf66ffffffb7ffffffb9fffffff9ffffff97effffffa730effffff82ffffff89ffffff97effffffa7300012000205a21ffffffa121ffffff94ffffffb0ffffffb41840ffffff947a7ffffff86ffffff89ffffffe2ffffff993948ffffffe9ffffffcf2c30fffffff3ffffffa5ffffffa43f5a215cffffffcd3b4ffffff97effffffa730effffff82ffffff8affffff97effffffa7300012000205a21ffffffa121ffffff94ffffffb0ffffffb41840ffffff947a7ffffff86ffffff89ffffffe2ffffff993948ffffffe9ffffffcf2c30fffffff3ffffffa5ffffffa43f5a215cffffffcd3b4ffffff97effffffa73ffffff97effffffa7e657a8ffffffdc09fffffffc5e2bffffff984ffffffbeffffff97effffffa7300012000205a21ffffffa121ffffff94ffffffb0ffffffb41840ffffff947a7ffffff86ffffff89ffffffe2ffffff993948ffffffe9ffffffcf2c30fffffff3ffffffa5ffffffa43f5a215cffffffcd3b4ffffff97effffffa730001ffffff97effffffa7a00010001930173015ffffffa04220ffffff81ffffffa1d4b309211421132112ffffff97effffffa7affffff97effffffa7effffff97effffffa72900010001000000000000025effffffa18 ] [  ] 0 { 1 2 840 113554 1 2 2 } { "" <None> [  ] [  ] [ ] } { "" <None> [  ] [  ] [ ] } 0 314 1 0 } output_token: [ 60ffffff826ffffff8e692affffff8648ffffff86fffffff712122106effffff8267d30ffffff82679ffffffa03215ffffffa1321effffffa2735020000ffffffa3ffffff8256661ffffff8256230ffffff8255effffffa03215ffffffa1d1bb41442e4e5752412e434f4dffffffa2263024ffffffa03213ffffffa11d301b1b4687474701b136f6c616c6c69652e61642e6e7772612e636f6dffffffa3ffffff8251e30ffffff8251affffffa032112ffffffa132130ffffffa2ffffff825c4ffffff825859ffffffe4ffffffceffffff96ffffffd9ffffff9fffffffd5ffffffec5bffffffc61f46ffffff98fffffffeffffffe32cf7ffffffff030fffffff0ffffffd76effffffd8ffffff866c4a4bffffff85757fffffff6ffffffe8ffffffe4ffffff9dffffffb718ffffffa0ffffffb26efffffff3ffffffb419ffffffb7ffffffb82cffffff9bffffff942942733f2efffffffd3bfffffffe311958ffffffc1ffffffe0ffffff83ffffffef11ffffffd5ffffff96ffffffebfffffff466ffffff8511ffffffd412fffffffe1bffffffd04e62ffffffac19ffffff8effffff90ffffffa874fffffff068ffffffd5ffffffe81a2ffffff83ffffffd9ffffffc41f23ffffffea4cfffffffeffffffff4dfffffff24affffffd5ffffff9a3f4758ffffff8437ffffffd42b701b18ffffff9e70567479ffffffef43ffffffbffffffff0ffffffa8ffffff8affffff9b414a1714ffffffb0703a7ffffff95594a5dffffffb9ffffffa4785efffffff86135ffffffd016ffffffd77effffffa0113a67ffffff93ffffffed60ffffffa2ffffffbd1b196dffffffeaffffffb7ffffff8415ffffffa4ffffff973535627cffffffdf22ffffff94166ffffff8b47121bffffffccffffffeefffffff1ffffff9e7ffffffe235ffffff973931ffffffe53effffff99ffffffa6ffffffa1ffffffde53ffffffa867ffffff91273efffffffcffffff91683ffffffaf39175947ffffffa8fffffff81853ffffffd1ffffffe3ffffff834bffffffb015ffffffafffffff8fffffffae21ffffff98ffffffea4fffffffcbffffff8527ffffff99ffffffca56ffffffaf2ffffffffcffffffbd6c7ffffffa2fffffff028ffffffa366d743350ffffffabffffffa4ffffffd976fff
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Returned buffer 8 (GSSX_INIT_SEC_CONTEXT) from [0x55c4ca18bef0 (788)]: [0x7efe08065ef0 (2604)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Handling query output: 0x7efe08065ef0 (2604)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Handling query reply: 0x7efe08065ef0 (2604)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Sending data: 0x7efe08065ef0 (2604)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Sending data [0x7efe08065ef0 (2604)]: successful write of 2604
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Handling query input: 0x55c4ca18a300 (100)
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: Connection matched service user
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Processing request [0x55c4ca18a300 (100)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Executing request 6 (GSSX_ACQUIRE_CRED) from [0x55c4ca18a300 (100)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: gp_rpc_execute: executing 6 (GSSX_ACQUIRE_CRED) for service "user", euid: 30707,socket: (null)
Dec 13 11:43:45 gssproxy[168936]:     GSSX_ARG_ACQUIRE_CRED( call_ctx: { "" [  ] } input_cred_handle: <Null> add_cred: 0 desired_name: <Null> time_req: 0 desired_mechs: { } cred_usage: INITIATE initiator_time_req: 0 acceptor_time_req: 0 )
Dec 13 11:43:45 gssproxy[168936]:     GSSX_RES_ACQUIRE_CRED( status: { 0 { 1 2 840 113554 1 2 2 } 0 "" "" [  ] } output_cred_handle: { { "user@REALM" { 1 2 840 113554 1 2 2 1 } [ 410b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d ] [ 420b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d0000 ] [ ] } [ { { "user@REALM" { 1 2 840 113554 1 2 2 1 } [ 410b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d ] [ 420b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d0000 ] [ ] } { 1 2 840 113554 1 2 2 } INITIATE 28880 0 } ] [ 515d6113ffffffc11758fffffff0ffffffa6327d45ffffff865bfffffff5705016ffffffd612563b69ffffffa1ffffff8dffffffbe1925ffffffd5cffffff9d10ffffff8affffffadffffffe86623ffffffac623bffffff86756a23ffffffbffffffff4ffffffcdffffffa8ffffffb810ffffff947dffffffd3ffffffdffffffff42effffff823945ffffffb8ffffffe743ffffffc2ffffff8251261915ffffffba10ffffffbfffffffc077fffffffb64ffffff94effffffab5b32ffffffbfffffffeeffffffb149ffffffe4ffffff99ffffffa5ffffffd9fffffff2fffffff3ffffffeb3c1d34fffffff7fffffffd2fffffffbaffffffe12e39fffffffa611bffffffc9ffffff8d1d4c1e1263ffffff8254ffffff9123a76fffffff635ffffff8dffffffbe31fffffff6ffffffa0307155ffffffa7ffffffc044ffffffeeffffffbeeffffffb7ffffff84ffffffa0ffffffc1ffffffeaffffffee3cffffffd92de2fffffff85ffffffe0ffffff893affffff9b37fffffffefffffff87ffffffadffffffe0ffffffdcffffffdaffffffac4efffffffaffffffacffffffc018ffffffceffffffea7cffffff94fffffff917ffffffaeffffff9b1dffffffedffffff89ffffffdd3cffffffdc1b29ffffffca17ffffffcc3f54ffffff91ffffff8e58ffffff82ffffff82ffffffee9ffffffe2ffffffa7ffffffe6ffffffb0ffffff87ffffff8effffffddffffffc2ffffff85fffffffa786c1f47fffffff17143ffffff9a53ffffffb0ffffffa9675ffffff8f3567ffffffe4ffffffac7c127f561c6cffffff8838ffffff92ffffff89775067fffffffcffffff98fffffff04d75f29ffffff9d4924ffffffe7ffffffb94effffffb96a ] 0 } )
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Returned buffer 6 (GSSX_ACQUIRE_CRED) from [0x55c4ca18a300 (100)]: [0x7efe080a9f40 (660)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Handling query output: 0x7efe080a9f40 (660)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Handling query reply: 0x7efe080a9f40 (660)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Sending data: 0x7efe080a9f40 (660)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Sending data [0x7efe080a9f40 (660)]: successful write of 660
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Handling query input: 0x55c4ca186b50 (1016)
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: Connection matched service user
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Processing request [0x55c4ca186b50 (1016)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Executing request 8 (GSSX_INIT_SEC_CONTEXT) from [0x55c4ca186b50 (1016)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: gp_rpc_execute: executing 8 (GSSX_INIT_SEC_CONTEXT) for service "user", euid: 30707,socket: (null)
Dec 13 11:43:45 gssproxy[168936]:     GSSX_ARG_INIT_SEC_CONTEXT( call_ctx: { "" [  ] } context_handle: <Null> cred_handle: { { "user@REALM" { 1 2 840 113554 1 2 2 1 } [ 410b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d ] [ 420b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d0000 ] [ ] } [ { { "user@REALM" { 1 2 840 113554 1 2 2 1 } [ 410b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d ] [ 420b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d0000 ] [ ] } { 1 2 840 113554 1 2 2 } INITIATE 28880 0 } ] [ 515d6113ffffffc11758fffffff0ffffffa6327d45ffffff865bfffffff5705016ffffffd612563b69ffffffa1ffffff8dffffffbe1925ffffffd5cffffff9d10ffffff8affffffadffffffe86623ffffffac623bffffff86756a23ffffffbffffffff4ffffffcdffffffa8ffffffb810ffffff947dffffffd3ffffffdffffffff42effffff823945ffffffb8ffffffe743ffffffc2ffffff8251261915ffffffba10ffffffbfffffffc077fffffffb64ffffff94effffffab5b32ffffffbfffffffeeffffffb149ffffffe4ffffff99ffffffa5ffffffd9fffffff2fffffff3ffffffeb3c1d34fffffff7fffffffd2fffffffbaffffffe12e39fffffffa611bffffffc9ffffff8d1d4c1e1263ffffff8254ffffff9123a76fffffff635ffffff8dffffffbe31fffffff6ffffffa0307155ffffffa7ffffffc044ffffffeeffffffbeeffffffb7ffffff84ffffffa0ffffffc1ffffffeaffffffee3cffffffd92de2fffffff85ffffffe0ffffff893affffff9b37fffffffefffffff87ffffffadffffffe0ffffffdcffffffdaffffffac4efffffffaffffffacffffffc018ffffffceffffffea7cffffff94fffffff917ffffffaeffffff9b1dffffffedffffff89ffffffdd3cffffffdc1b29ffffffca17ffffffcc3f54ffffff91ffffff8e58ffffff82ffffff82ffffffee9ffffffe2ffffffa7ffffffe6ffffffb0ffffff87ffffff8effffffddffffffc2ffffff85fffffffa786c1f47fffffff17143ffffff9a53ffffffb0ffffffa9675ffffff8f3567ffffffe4ffffffac7c127f561c6cffffff8838ffffff92ffffff89775067fffffffcffffff98fffffff04d75f29ffffff9d4924ffffffe7ffffffb94effffffb96a ] 0 } target_name: { "http@hostname" { 1 2 840 113554 1 2 1 4 } [  ] [  ] [ ] } mech_type: { 1 2 840 113554 1 2 2 } req_flags: 10 time_req: 0 input_cb: { 0 [  ] 0 [  ] [ 746c732d7365727665722d656e642d706f696e743affffff90fffffffeffffffd348fffffff9c1a4b2bffffff986affffffefffffffaaffffffc251ffffffaf194157ffffff97ffffffcf252cffffffc3ffffffe77affffffa637ffffff9d38ffffff90fffffffafffffff5ffffffd3ffffffc4fffffffe9ffffff982165ffffff9f8ffffffb9ffffffefffffff9affffffdcffffffc6ffffffe0ffffffad756740ffffffc17a1a59ffffffafffffffd7ffffff9fffffff9bffffffbd4dffffff87 ] } input_token: [ 606b692affffff8648ffffff86fffffff712122307e5c305affffffa03215ffffffa13211effffffa41118f32303233313231333139343730315affffffa55239ffffffdaffffff98ffffffa632125ffffffa9d1bb41442e4e5752412e434f4dffffffaa153013ffffffa03211ffffffa1c30a1b86f6c616c6c696524ffffffac947305ffffffa13212 ] [ { [ 73796e635f6d6f6469666965645f63726564730 ] [ 64656661756c740 ] } ] )
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: No impersonator credentials detected
Dec 13 11:43:45 gssproxy[168936]:     GSSX_RES_INIT_SEC_CONTEXT( status: { 589824 { 1 2 840 113554 1 2 2 } 100001 "Invalid token was supplied" "Success" [  ] } context_handle: <Null> output_token: <Null> )
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Returned buffer 8 (GSSX_INIT_SEC_CONTEXT) from [0x55c4ca186b50 (1016)]: [0x7efe08073f10 (120)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Handling query output: 0x7efe08073f10 (120)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Handling query reply: 0x7efe08073f10 (120)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Sending data: 0x7efe08073f10 (120)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Sending data [0x7efe08073f10 (120)]: successful write of 120
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Handling query input: 0x55c4ca18acb0 (100)
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: Connection matched service user
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Processing request [0x55c4ca18acb0 (100)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Executing request 6 (GSSX_ACQUIRE_CRED) from [0x55c4ca18acb0 (100)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: gp_rpc_execute: executing 6 (GSSX_ACQUIRE_CRED) for service "user", euid: 30707,socket: (null)
Dec 13 11:43:45 gssproxy[168936]:     GSSX_ARG_ACQUIRE_CRED( call_ctx: { "" [  ] } input_cred_handle: <Null> add_cred: 0 desired_name: <Null> time_req: 0 desired_mechs: { } cred_usage: INITIATE initiator_time_req: 0 acceptor_time_req: 0 )
Dec 13 11:43:45 gssproxy[168936]:     GSSX_RES_ACQUIRE_CRED( status: { 0 { 1 2 840 113554 1 2 2 } 0 "" "" [  ] } output_cred_handle: { { "user@REALM" { 1 2 840 113554 1 2 2 1 } [ 410b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d ] [ 420b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d0000 ] [ ] } [ { { "user@REALM" { 1 2 840 113554 1 2 2 1 } [ 410b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d ] [ 420b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d0000 ] [ ] } { 1 2 840 113554 1 2 2 } INITIATE 28880 0 } ] [ 48fffffff5306d2ffffffa3ffffffc57ffffffed676f56ffffffe5ffffff95f11ffffffb545ffffff914719fffffff550ffffffc2ffffffd532ffffffa7ffffffdb29ffffff9affffffe22033fffffffc21ffffffb9202cffffffbfffffffc72029b31ffffffcf77ffffff9cfffffffd59ffffffef44ffffffd455ffffff92fffffff0fffffffcf1622ffffff9d7dfffffff8ffffffc3dfffffff5ffffff9a71ffffff9a414fffffffaa836ffffffaba1760ffffffc2ffffff8bffffffd6ffffff92512dffffffc55f6e54fffffffe2a5ffffffbb79ffffff8c73ffffffad702cffffffd6ffffff8cffffffa7ffffff85682f67ffffffcaffffffc7ffffffecfffffff76bffffff9c2b33fffffff4654ffffffe644ffffffe8413affffffe44b46fffffffeffffff8238782c6b1231ffffffac6f2770ffffffa93461ffffffc9ffffffb841fffffffffffffffebffffffb1ffffffaeffffffeeffffffdd2a21fffffffd6bffffffa5ffffffd9ffffff896159ffffffee34ffffffec2856fffffff2ffffffde86e74fffffffd6659360ffffffd84c295c54ffffff9322675236a52494e1fffffffa1547cffffffa4ffffffbb4effffffc8ffffffdf6d41ffffffe06429483f33ffffffb8ffffffdaffffffed261325ffffff9d55ffffffd0305b41ffffffa6494b2c4c2ffffffaf74ffffff8b489fffffffdffffffd970ffffffe21dffffffc3ffffffe927ffffffa5ffffffe467ffffffacffffffceffffffb7ffffff9fffffffb278ffffff9affffff91ffffff81ffffffd6 ] 0 } )
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Returned buffer 6 (GSSX_ACQUIRE_CRED) from [0x55c4ca18acb0 (100)]: [0x7efe08045c70 (660)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Handling query output: 0x7efe08045c70 (660)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Handling query reply: 0x7efe08045c70 (660)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Sending data: 0x7efe08045c70 (660)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Sending data [0x7efe08045c70 (660)]: successful write of 660
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Handling query input: 0x55c4ca186f50 (1016)
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: Connection matched service user
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Processing request [0x55c4ca186f50 (1016)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Executing request 8 (GSSX_INIT_SEC_CONTEXT) from [0x55c4ca186f50 (1016)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: gp_rpc_execute: executing 8 (GSSX_INIT_SEC_CONTEXT) for service "user", euid: 30707,socket: (null)
Dec 13 11:43:45 gssproxy[168936]:     GSSX_ARG_INIT_SEC_CONTEXT( call_ctx: { "" [  ] } context_handle: <Null> cred_handle: { { "user@REALM" { 1 2 840 113554 1 2 2 1 } [ 410b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d ] [ 420b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d0000 ] [ ] } [ { { "user@REALM" { 1 2 840 113554 1 2 2 1 } [ 410b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d ] [ 420b692affffff8648ffffff86fffffff7121220001461707073746174734041442e4e5752412e434f4d0000 ] [ ] } { 1 2 840 113554 1 2 2 } INITIATE 28880 0 } ] [ 48fffffff5306d2ffffffa3ffffffc57ffffffed676f56ffffffe5ffffff95f11ffffffb545ffffff914719fffffff550ffffffc2ffffffd532ffffffa7ffffffdb29ffffff9affffffe22033fffffffc21ffffffb9202cffffffbfffffffc72029b31ffffffcf77ffffff9cfffffffd59ffffffef44ffffffd455ffffff92fffffff0fffffffcf1622ffffff9d7dfffffff8ffffffc3dfffffff5ffffff9a71ffffff9a414fffffffaa836ffffffaba1760ffffffc2ffffff8bffffffd6ffffff92512dffffffc55f6e54fffffffe2a5ffffffbb79ffffff8c73ffffffad702cffffffd6ffffff8cffffffa7ffffff85682f67ffffffcaffffffc7ffffffecfffffff76bffffff9c2b33fffffff4654ffffffe644ffffffe8413affffffe44b46fffffffeffffff8238782c6b1231ffffffac6f2770ffffffa93461ffffffc9ffffffb841fffffffffffffffebffffffb1ffffffaeffffffeeffffffdd2a21fffffffd6bffffffa5ffffffd9ffffff896159ffffffee34ffffffec2856fffffff2ffffffde86e74fffffffd6659360ffffffd84c295c54ffffff9322675236a52494e1fffffffa1547cffffffa4ffffffbb4effffffc8ffffffdf6d41ffffffe06429483f33ffffffb8ffffffdaffffffed261325ffffff9d55ffffffd0305b41ffffffa6494b2c4c2ffffffaf74ffffff8b489fffffffdffffffd970ffffffe21dffffffc3ffffffe927ffffffa5ffffffe467ffffffacffffffceffffffb7ffffff9fffffffb278ffffff9affffff91ffffff81ffffffd6 ] 0 } target_name: { "http@hostname" { 1 2 840 113554 1 2 1 4 } [  ] [  ] [ ] } mech_type: { 1 2 840 113554 1 2 2 } req_flags: 10 time_req: 0 input_cb: { 0 [  ] 0 [  ] [ 746c732d7365727665722d656e642d706f696e743affffff90fffffffeffffffd348fffffff9c1a4b2bffffff986affffffefffffffaaffffffc251ffffffaf194157ffffff97ffffffcf252cffffffc3ffffffe77affffffa637ffffff9d38ffffff90fffffffafffffff5ffffffd3ffffffc4fffffffe9ffffff982165ffffff9f8ffffffb9ffffffefffffff9affffffdcffffffc6ffffffe0ffffffad756740ffffffc17a1a59ffffffafffffffd7ffffff9fffffff9bffffffbd4dffffff87 ] } input_token: [ 606b692affffff8648ffffff86fffffff712122307e5c305affffffa03215ffffffa13211effffffa41118f32303233313231333139343730315affffffa55239ffffffdaffffff98ffffffa632125ffffffa9d1bb41442e4e5752412e434f4dffffffaa153013ffffffa03211ffffffa1c30a1b86f6c616c6c696524ffffffac947305ffffffa13212 ] [ { [ 73796e635f6d6f6469666965645f63726564730 ] [ 64656661756c740 ] } ] )
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: No impersonator credentials detected
Dec 13 11:43:45 gssproxy[168936]:     GSSX_RES_INIT_SEC_CONTEXT( status: { 589824 { 1 2 840 113554 1 2 2 } 100001 "Invalid token was supplied" "Success" [  ] } context_handle: <Null> output_token: <Null> )
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Returned buffer 8 (GSSX_INIT_SEC_CONTEXT) from [0x55c4ca186f50 (1016)]: [0x7efe080239d0 (120)]
Dec 13 11:43:45 gssproxy[168936]: [CID 12][2023/12/13 19:43:45]: [status] Handling query output: 0x7efe080239d0 (120)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Handling query reply: 0x7efe080239d0 (120)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Sending data: 0x7efe080239d0 (120)
Dec 13 11:43:45 gssproxy[168936]: [2023/12/13 19:43:45]: [status] Sending data [0x7efe080239d0 (120)]: successful write of 120

The context parameter to teh GSSX_ARG_INIT_SEC_CONTEXT calls seem to remain Null.

simo5 · 2023-12-15T14:20:32Z

simo5
Dec 15, 2023
Maintainer

The "bad" one just shows that it found a credential in the keyring, perhaps expired?
The gssproxy logs don't say much except I see a taget of http@hostname instead of WSMAN@hostname ... unclear what to make of it given you mangled the logs.

I strongly suggest you do not use the keyring ccache with gssproxy though, because it will be shared with the root account and that may cause unwanted races.

I would test manually by using a file ccache set with KRB5CCNAME before hand just to rule out cross process interference.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cannot authenticate to two particular machines from a specific host #89

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment

{{title}}

Select a reply

Cannot authenticate to two particular machines from a specific host #89

opoplawski Dec 13, 2023

Replies: 1 comment

simo5 Dec 15, 2023 Maintainer

opoplawski
Dec 13, 2023

simo5
Dec 15, 2023
Maintainer