tail -f /var/log/sssd/krb5_child.log

(2021-08-02 14:35:07): [krb5_child[61431]] [main] (0x0400): krb5_child started.
(2021-08-02 14:35:07): [krb5_child[61431]] [unpack_buffer] (0x1000): total buffer size: [189]
(2021-08-02 14:35:07): [krb5_child[61431]] [unpack_buffer] (0x0100): cmd [241 (auth)] uid [1767884463] gid [1767800513] validate [true] enterprise principal [true] offline [false] UPN [adadmin@ad.college.edu]
(2021-08-02 14:35:07): [krb5_child[61431]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1767884463_XXXXXX] old_ccname: [FILE:/tmp/krb5cc_1767884463_WAaH4K] keytab: [/etc/krb5.keytab]
(2021-08-02 14:35:07): [krb5_child[61431]] [check_use_fast] (0x0100): Not using FAST.
(2021-08-02 14:35:07): [krb5_child[61431]] [switch_creds] (0x0200): Switch user to [1767884463][1767800513].
(2021-08-02 14:35:07): [krb5_child[61431]] [switch_creds] (0x0200): Switch user to [0][0].
(2021-08-02 14:35:07): [krb5_child[61431]] [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1767884463_WAaH4K] and is  active and TGT is  valid.
(2021-08-02 14:35:07): [krb5_child[61431]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket
(2021-08-02 14:35:07): [krb5_child[61431]] [become_user] (0x0200): Trying to become user [1767884463][1767800513].
(2021-08-02 14:35:07): [krb5_child[61431]] [main] (0x2000): Running as [1767884463][1767800513].
(2021-08-02 14:35:07): [krb5_child[61431]] [set_lifetime_options] (0x0100): Renewable lifetime is set to [7d]
(2021-08-02 14:35:07): [krb5_child[61431]] [set_lifetime_options] (0x0100): Lifetime is set to [7h]
(2021-08-02 14:35:07): [krb5_child[61431]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true]
(2021-08-02 14:35:07): [krb5_child[61431]] [main] (0x0400): Will perform auth
(2021-08-02 14:35:07): [krb5_child[61431]] [main] (0x0400): Will perform online auth
(2021-08-02 14:35:07): [krb5_child[61431]] [tgt_req_child] (0x1000): Attempting to get a TGT
(2021-08-02 14:35:07): [krb5_child[61431]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [ad.college.edu]
(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214513: Getting initial credentials for adadmin\@ad.college.edu@ad.college.edu

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214515: Sending unauthenticated request

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214516: Sending request (211 bytes) to ad.college.edu

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214517: Initiating TCP connection to stream 192.168.1.1:88

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214518: Sending TCP request to stream 192.168.1.1:88

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214519: Received answer (182 bytes) from stream 192.168.1.1:88

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214520: Terminating TCP connection to stream 192.168.1.1:88

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214521: Response was from master KDC

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214522: Received error from KDC: -1765328359/Additional pre-authentication required

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214525: Preauthenticating using KDC method data

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214526: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-ETYPE-INFO2 (19), PA-ENC-TIMESTAMP (2)

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214527: Selected etype info: etype aes256-cts, salt "ad.college.eduadadmin", params ""

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_krb5_responder] (0x4000): Got question [password].
(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214528: AS key obtained for encrypted timestamp: aes256-cts/9C78

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214530: Encrypted timestamp (for 1627932909.973112): plain 301AA011180F32303231303830323139333530395AA10502030ED938, encrypted 85F83BC2B8108F7C6E836CD3A86A6CC0064F6330815E5E8E104B94D7340FF216149AA7C63C8657C0DC583BBAA086E4632323669BA8C5B281

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214531: Preauth module encrypted_timestamp (2) (real) returned: 0/Success

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214532: Produced preauth for next request: PA-ENC-TIMESTAMP (2)

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214533: Sending request (291 bytes) to ad.college.edu

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214534: Initiating TCP connection to stream 192.168.1.1:88

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214535: Sending TCP request to stream 192.168.1.1:88

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214536: Received answer (1797 bytes) from stream 192.168.1.1:88

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214537: Terminating TCP connection to stream 192.168.1.1:88

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214538: Response was from master KDC

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214539: Processing preauth types: PA-ETYPE-INFO2 (19)

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214540: Selected etype info: etype aes256-cts, salt "ad.college.eduadadmin", params ""

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214541: Produced preauth for next request: (empty)

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214542: AS key determined by preauth: aes256-cts/9C78

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214543: Decrypted AS reply; session key is: aes256-cts/ED3D

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214544: FAST negotiation: unavailable

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_krb5_expire_callback_func] (0x2000): exp_time: [3012111]
(2021-08-02 14:35:07): [krb5_child[61431]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential.
(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214545: Retrieving server$@ad.college.edu from MEMORY:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214546: Resolving unique ccache of type MEMORY

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214547: Initializing MEMORY:0lEIo7m with default princ adadmin@ad.college.edu

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214548: Storing adadmin@ad.college.edu -> krbtgt/ad.college.edu@ad.college.edu in MEMORY:0lEIo7m

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214549: Getting credentials adadmin@ad.college.edu -> server$@ad.college.edu using ccache MEMORY:0lEIo7m

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214550: Retrieving adadmin@ad.college.edu -> server$@ad.college.edu from MEMORY:0lEIo7m with result: -1765328243/Matching credential not found

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214551: Retrieving adadmin@ad.college.edu -> krbtgt/ad.college.edu@ad.college.edu from MEMORY:0lEIo7m with result: 0/Success

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214552: Starting with TGT for client realm: adadmin@ad.college.edu -> krbtgt/ad.college.edu@ad.college.edu

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214553: Requesting tickets for server$@ad.college.edu, referrals on

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214554: Generated subkey for TGS request: aes256-cts/046F

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214555: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, rc4-hmac, camellia128-cts, camellia256-cts

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214557: Encoding request body and padata into FAST request

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214558: Sending request (1918 bytes) to ad.college.edu

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214559: Initiating TCP connection to stream 192.168.1.1:88

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214560: Sending TCP request to stream 192.168.1.1:88

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214561: Received answer (1937 bytes) from stream 192.168.1.1:88

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214562: Terminating TCP connection to stream 192.168.1.1:88

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214563: Response was from master KDC

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214564: Decoding FAST response

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214565: FAST reply key: aes256-cts/BE7E

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214566: TGS reply is for adadmin@ad.college.edu -> server$@ad.college.edu with session key aes256-cts/D608

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214567: TGS request result: 0/Success

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214568: Received creds for desired service server$@ad.college.edu

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214569: Storing adadmin@ad.college.edu -> server$@ad.college.edu in MEMORY:0lEIo7m

tail -f /var/log/sssd/krb5_child.log

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214570: Creating authenticator for adadmin@ad.college.edu -> server$@ad.college.edu, seqnum 0, subkey (null), session key aes256-cts/D608

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214572: Retrieving server$@ad.college.edu from MEMORY:/etc/krb5.keytab (vno 3, enctype aes256-cts) with result: 0/Success

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214573: Decrypted AP-REQ with specified server principal server$@ad.college.edu: aes256-cts/737D

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214574: AP-REQ ticket: adadmin@ad.college.edu -> server$@ad.college.edu, session key aes256-cts/D608

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214575: Negotiated enctype based on authenticator: aes256-cts

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214576: Initializing MEMORY:rd_req2 with default princ adadmin@ad.college.edu

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214577: Storing adadmin@ad.college.edu -> server$@ad.college.edu in MEMORY:rd_req2

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214578: Destroying ccache MEMORY:0lEIo7m

(2021-08-02 14:35:07): [krb5_child[61431]] [validate_tgt] (0x0400): TGT verified using key for [server$@ad.college.edu].
(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214579: Retrieving adadmin@ad.college.edu -> server$@ad.college.edu from MEMORY:rd_req2 with result: 0/Success

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214580: Retrieving nfs/server@ad.college.edu from MEMORY:/etc/krb5.keytab (vno 3, enctype aes256-cts) with result: 0/Success

(2021-08-02 14:35:07): [krb5_child[61431]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2].
(2021-08-02 14:35:07): [krb5_child[61431]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [adadmin\@ad.college.edu@ad.college.edu] might not be correct.
(2021-08-02 14:35:07): [krb5_child[61431]] [sss_child_krb5_trace_cb] (0x4000): [61431] 1627932907.214581: Destroying ccache MEMORY:rd_req2

(2021-08-02 14:35:07): [krb5_child[61431]] [get_and_save_tgt] (0x2000): Running as [1767884463][1767800513].
(2021-08-02 14:35:07): [krb5_child[61431]] [sss_get_ccache_name_for_principal] (0x4000): Location: [FILE:/tmp/krb5cc_1767884463_WAaH4K]
(2021-08-02 14:35:07): [krb5_child[61431]] [sss_get_ccache_name_for_principal] (0x4000): tmp_ccname: [FILE:/tmp/krb5cc_1767884463_WAaH4K]
(2021-08-02 14:35:07): [krb5_child[61431]] [create_ccache] (0x4000): Initializing ccache of type [FILE]
(2021-08-02 14:35:07): [krb5_child[61431]] [create_ccache] (0x4000): returning: 0
(2021-08-02 14:35:07): [krb5_child[61431]] [safe_remove_old_ccache_file] (0x0400): New and old ccache file are the same, none will be deleted.
(2021-08-02 14:35:07): [krb5_child[61431]] [k5c_send_data] (0x0200): Received error code 0
(2021-08-02 14:35:07): [krb5_child[61431]] [pack_response_packet] (0x2000): response packet size: [142]
(2021-08-02 14:35:07): [krb5_child[61431]] [k5c_send_data] (0x4000): Response sent.
(2021-08-02 14:35:07): [krb5_child[61431]] [main] (0x0400): krb5_child completed successfully
^C