Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- (2023-01-05 14:50:55): [krb5_child[22845]] [main] (0x0400): krb5_child started.
- (2023-01-05 14:50:55): [krb5_child[22845]] [unpack_buffer] (0x1000): total buffer size: [152]
- (2023-01-05 14:50:55): [krb5_child[22845]] [unpack_buffer] (0x0100): cmd [249] uid [438200029] gid [438200029] validate [true] enterprise principal [false] offline [false] UPN [daazeez@domain.COM]
- (2023-01-05 14:50:55): [krb5_child[22845]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:438200029] old_ccname: [KEYRING:persistent:438200029] keytab: [/etc/krb5.keytab]
- (2023-01-05 14:50:55): [krb5_child[22845]] [k5c_setup_fast] (0x0100): Fast principal is set to [host/e-recondbtest.domain.com@domain.COM]
- (2023-01-05 14:50:55): [krb5_child[22845]] [find_principal_in_keytab] (0x4000): Trying to find principal host/e-recondbtest.domain.com@domain.COM in keytab.
- (2023-01-05 14:50:55): [krb5_child[22845]] [match_principal] (0x1000): Principal matched to the sample (host/e-recondbtest.domain.com@domain.COM).
- (2023-01-05 14:50:55): [krb5_child[22845]] [check_fast_ccache] (0x0200): FAST TGT is still valid.
- (2023-01-05 14:50:55): [krb5_child[22845]] [become_user] (0x0200): Trying to become user [438200029][438200029].
- (2023-01-05 14:50:55): [krb5_child[22845]] [main] (0x2000): Running as [438200029][438200029].
- (2023-01-05 14:50:55): [krb5_child[22845]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested.
- (2023-01-05 14:50:55): [krb5_child[22845]] [set_lifetime_options] (0x0100): No specific lifetime requested.
- (2023-01-05 14:50:55): [krb5_child[22845]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true]
- (2023-01-05 14:50:55): [krb5_child[22845]] [main] (0x0400): Will perform pre-auth
- (2023-01-05 14:50:55): [krb5_child[22845]] [tgt_req_child] (0x1000): Attempting to get a TGT
- (2023-01-05 14:50:55): [krb5_child[22845]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [domain.COM]
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259255: Getting initial credentials for daazeez@domain.COM
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259256: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_domain.COM
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259257: Retrieving host/e-recondbtest.domain.com@domain.COM -> krb5_ccache_conf_data/fast_avail/krbtgt\/domain.COM\@
- domain.COM@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_domain.COM with result: -1765328243/Matching credential not found
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259259: Sending unauthenticated request
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259260: Sending request (183 bytes) to domain.COM
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259261: Initiating TCP connection to stream 10.10.20.180:88
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259262: Sending TCP request to stream 10.10.20.180:88
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259263: Received answer (487 bytes) from stream 10.10.20.180:88
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259264: Terminating TCP connection to stream 10.10.20.180:88
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259265: Response was from master KDC
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259266: Received error from KDC: -1765328359/Additional pre-authentication required
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259267: Upgrading to FAST due to presence of PA_FX_FAST in reply
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259268: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_domain.COM
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259269: Retrieving host/e-recondbtest.domain.com@domain.COM -> krb5_ccache_conf_data/fast_avail/krbtgt\/domain.COM\@
- domain.COM@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_domain.COM with result: -1765328243/Matching credential not found
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259270: Getting credentials host/e-recondbtest.domain.com@domain.COM -> krbtgt/domain.COM@domain.COM using cca
- che MEMORY:/var/lib/sss/db/fast_ccache_domain.COM
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259271: Retrieving host/e-recondbtest.domain.com@domain.COM -> krbtgt/domain.COM@domain.COM from MEMORY:/var/l
- ib/sss/db/fast_ccache_domain.COM with result: 0/Success
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259272: Armor ccache sesion key: aes256-cts/D6D9
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259274: Creating authenticator for host/e-recondbtest.domain.com@domain.COM -> krbtgt/domain.COM@domain.COM, s
- eqnum 0, subkey aes256-cts/81ED, session key aes256-cts/D6D9
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259276: FAST armor key: aes256-cts/6E04
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259278: Sending unauthenticated request
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259279: Encoding request body and padata into FAST request
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259280: Sending request (2180 bytes) to domain.COM
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259281: Initiating TCP connection to stream 10.10.20.180:88
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259282: Sending TCP request to stream 10.10.20.180:88
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259283: Received answer (161 bytes) from stream 10.10.20.180:88
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259284: Terminating TCP connection to stream 10.10.20.180:88
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259285: Response was from master KDC
- (2023-01-05 14:50:55): [krb5_child[22845]] [sss_child_krb5_trace_cb] (0x4000): [22845] 1672926655.259286: Received error from KDC: -1765328347/Clock skew too great
- (2023-01-05 14:50:55): [krb5_child[22845]] [get_and_save_tgt] (0x0400): krb5_get_init_creds_password returned [-1765328347] during pre-auth.
- (2023-01-05 14:50:55): [krb5_child[22845]] [k5c_send_data] (0x0200): Received error code 0
- (2023-01-05 14:50:55): [krb5_child[22845]] [pack_response_packet] (0x2000): response packet size: [4]
- (2023-01-05 14:50:55): [krb5_child[22845]] [k5c_send_data] (0x4000): Response sent.
- (2023-01-05 14:50:55): [krb5_child[22845]] [main] (0x0400): krb5_child completed successfully
- (2023-01-05 14:50:58): [krb5_child[22846]] [main] (0x0400): krb5_child started.
- (2023-01-05 14:50:58): [krb5_child[22846]] [unpack_buffer] (0x1000): total buffer size: [165]
- (2023-01-05 14:50:58): [krb5_child[22846]] [unpack_buffer] (0x0100): cmd [241] uid [438200029] gid [438200029] validate [true] enterprise principal [false] offline [false] UPN [daazeez@domain.COM]
- (2023-01-05 14:50:58): [krb5_child[22846]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:438200029] old_ccname: [KEYRING:persistent:438200029] keytab: [/etc/krb5.keytab]
- (2023-01-05 14:50:58): [krb5_child[22846]] [switch_creds] (0x0200): Switch user to [438200029][438200029].
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
- (2023-01-05 14:50:58): [krb5_child[22846]] [switch_creds] (0x0200): Switch user to [0][0].
- (2023-01-05 14:50:58): [krb5_child[22846]] [k5c_check_old_ccache] (0x4000): Ccache_file is [KEYRING:persistent:438200029] and is not active and TGT is valid.
- (2023-01-05 14:50:58): [krb5_child[22846]] [k5c_precreate_ccache] (0x4000): Recreating ccache
- (2023-01-05 14:50:58): [krb5_child[22846]] [k5c_setup_fast] (0x0100): Fast principal is set to [host/e-recondbtest.domain.com@domain.COM]
- (2023-01-05 14:50:58): [krb5_child[22846]] [find_principal_in_keytab] (0x4000): Trying to find principal host/e-recondbtest.domain.com@domain.COM in keytab.
- (2023-01-05 14:50:58): [krb5_child[22846]] [match_principal] (0x1000): Principal matched to the sample (host/e-recondbtest.domain.com@domain.COM).
- (2023-01-05 14:50:58): [krb5_child[22846]] [check_fast_ccache] (0x0200): FAST TGT is still valid.
- (2023-01-05 14:50:58): [krb5_child[22846]] [become_user] (0x0200): Trying to become user [438200029][438200029].
- (2023-01-05 14:50:58): [krb5_child[22846]] [main] (0x2000): Running as [438200029][438200029].
- (2023-01-05 14:50:58): [krb5_child[22846]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested.
- (2023-01-05 14:50:58): [krb5_child[22846]] [set_lifetime_options] (0x0100): No specific lifetime requested.
- (2023-01-05 14:50:58): [krb5_child[22846]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true]
- (2023-01-05 14:50:58): [krb5_child[22846]] [main] (0x0400): Will perform online auth
- (2023-01-05 14:50:58): [krb5_child[22846]] [tgt_req_child] (0x1000): Attempting to get a TGT
- (2023-01-05 14:50:58): [krb5_child[22846]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [domain.COM]
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890073: Getting initial credentials for daazeez@domain.COM
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890074: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_domain.COM
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890075: Retrieving host/e-recondbtest.domain.com@domain.COM -> krb5_ccache_conf_data/fast_avail/krbtgt\/domain.COM\@
- domain.COM@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_domain.COM with result: -1765328243/Matching credential not found
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890077: Sending unauthenticated request
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890078: Sending request (183 bytes) to domain.COM
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890079: Initiating TCP connection to stream 10.10.20.180:88
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890080: Sending TCP request to stream 10.10.20.180:88
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890081: Received answer (487 bytes) from stream 10.10.20.180:88
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890082: Terminating TCP connection to stream 10.10.20.180:88
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890083: Response was from master KDC
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890084: Received error from KDC: -1765328359/Additional pre-authentication required
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890085: Upgrading to FAST due to presence of PA_FX_FAST in reply
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890086: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_domain.COM
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890087: Retrieving host/e-recondbtest.domain.com@domain.COM -> krb5_ccache_conf_data/fast_avail/krbtgt\/domain.COM\@
- domain.COM@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_domain.COM with result: -1765328243/Matching credential not found
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890088: Getting credentials host/e-recondbtest.domain.com@domain.COM -> krbtgt/domain.COM@domain.COM using cca
- che MEMORY:/var/lib/sss/db/fast_ccache_domain.COM
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890089: Retrieving host/e-recondbtest.domain.com@domain.COM -> krbtgt/domain.COM@domain.COM from MEMORY:/var/l
- ib/sss/db/fast_ccache_domain.COM with result: 0/Success
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890090: Armor ccache sesion key: aes256-cts/D6D9
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890092: Creating authenticator for host/e-recondbtest.domain.com@domain.COM -> krbtgt/domain.COM@domain.COM, s
- eqnum 0, subkey aes256-cts/01AC, session key aes256-cts/D6D9
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890094: FAST armor key: aes256-cts/B88C
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890096: Sending unauthenticated request
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890097: Encoding request body and padata into FAST request
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890098: Sending request (2180 bytes) to domain.COM
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890099: Initiating TCP connection to stream 10.10.20.180:88
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890100: Sending TCP request to stream 10.10.20.180:88
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890101: Received answer (161 bytes) from stream 10.10.20.180:88
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890102: Terminating TCP connection to stream 10.10.20.180:88
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890103: Response was from master KDC
- (2023-01-05 14:50:58): [krb5_child[22846]] [sss_child_krb5_trace_cb] (0x4000): [22846] 1672926658.890104: Received error from KDC: -1765328347/Clock skew too great
- (2023-01-05 14:50:58): [krb5_child[22846]] [get_and_save_tgt] (0x0020): 1709: [-1765328347][Clock skew too great]
- (2023-01-05 14:50:58): [krb5_child[22846]] [map_krb5_error] (0x0020): 1838: [-1765328347][Clock skew too great]
- (2023-01-05 14:50:58): [krb5_child[22846]] [k5c_send_data] (0x0200): Received error code 1432158229
- (2023-01-05 14:50:58): [krb5_child[22846]] [pack_response_packet] (0x2000): response packet size: [4]
- (2023-01-05 14:50:58): [krb5_child[22846]] [k5c_send_data] (0x4000): Response sent.
- (2023-01-05 14:50:58): [krb5_child[22846]] [main] (0x0400): krb5_child completed successfully
- (2023-01-05 14:50:58): [krb5_child[22847]] [main] (0x0400): krb5_child started.
- (2023-01-05 14:50:58): [krb5_child[22847]] [unpack_buffer] (0x1000): total buffer size: [165]
- (2023-01-05 14:50:58): [krb5_child[22847]] [unpack_buffer] (0x0100): cmd [241] uid [438200029] gid [438200029] validate [true] enterprise principal [false] offline [true] UPN [daazeez@domain.COM]
- (2023-01-05 14:50:58): [krb5_child[22847]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:438200029] old_ccname: [KEYRING:persistent:438200029] keytab: [/etc/krb5.keytab]
- (2023-01-05 14:50:58): [krb5_child[22847]] [switch_creds] (0x0200): Switch user to [438200029][438200029].
- (2023-01-05 14:50:58): [krb5_child[22847]] [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
- (2023-01-05 14:50:58): [krb5_child[22847]] [switch_creds] (0x0200): Switch user to [0][0].
- (2023-01-05 14:50:58): [krb5_child[22847]] [k5c_check_old_ccache] (0x4000): Ccache_file is [KEYRING:persistent:438200029] and is not active and TGT is valid.
- (2023-01-05 14:50:58): [krb5_child[22847]] [become_user] (0x0200): Trying to become user [438200029][438200029].
- (2023-01-05 14:50:58): [krb5_child[22847]] [main] (0x2000): Running as [438200029][438200029].
- (2023-01-05 14:50:58): [krb5_child[22847]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested.
- (2023-01-05 14:50:58): [krb5_child[22847]] [set_lifetime_options] (0x0100): No specific lifetime requested.
- (2023-01-05 14:50:58): [krb5_child[22847]] [main] (0x0400): Will perform offline auth
- (2023-01-05 14:50:58): [krb5_child[22847]] [create_empty_ccache] (0x1000): Existing ccache still valid, reusing
- (2023-01-05 14:50:58): [krb5_child[22847]] [k5c_send_data] (0x0200): Received error code 0
- (2023-01-05 14:50:58): [krb5_child[22847]] [pack_response_packet] (0x2000): response packet size: [52]
- (2023-01-05 14:50:58): [krb5_child[22847]] [k5c_send_data] (0x4000): Response sent.
- (2023-01-05 14:50:58): [krb5_child[22847]] [main] (0x0400): krb5_child completed successfully
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
