recently came across many errors of the form
```
230308 17:28:44 5766 XrootdXeq: User authentication failed; Seckrb5: Unable to extract client name;; No translation available for requested principal ([log in to unmask]).
```
This message is misleading - the thing that fails translating to a local account name is not the server principal (which is logged here) but rather the one supplied by the client (which is not). Would it be possible to instead log the failing client principal in this case?
https://github.com/xrootd/xrootd/blob/master/src/XrdSeckrb5/XrdSecProtocolkrb5.cc#L503 has the failing condition but https://github.com/xrootd/xrootd/blob/master/src/XrdSeckrb5/XrdSecProtocolkrb5.cc#L530 then always logs (server) `Principal`.

(underlying issue in our case was "accidentally" re-using a Kerberos credential cache, in the default location..)

-- 
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/issues/1948
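
An added example, not part of the original report and not XRootD or libkrb5 code: a simplified model of the krb5.conf `auth_to_local` DEFAULT rule (single-component principal in the default realm; escaped characters are ignored) with a failure message that names the client principal. The function names, realms and principals are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified DEFAULT rule (assumption of this example): a principal maps to
 * a local account only if it has one component and is in the default realm. */
int default_aname_to_localname(const char *princ, const char *default_realm,
                               char *lname, size_t lnsize)
{
    const char *at = strrchr(princ, '@');
    if (at == NULL || strcmp(at + 1, default_realm) != 0)
        return -1;                      /* foreign or missing realm */
    size_t n = (size_t)(at - princ);
    if (n == 0 || n >= lnsize || memchr(princ, '/', n) != NULL)
        return -1;                      /* empty, too long, or multi-component */
    memcpy(lname, princ, n);
    lname[n] = '\0';
    return 0;
}

/* Hypothetical server-side check: on failure the message names the client
 * principal that could not be translated; the server principal is context. */
int authenticate(const char *client_princ, const char *server_princ,
                 const char *default_realm, char *msg, size_t msgsize)
{
    char lname[64];
    if (default_aname_to_localname(client_princ, default_realm,
                                   lname, sizeof lname) != 0) {
        snprintf(msg, msgsize,
                 "Unable to extract client name; no translation available "
                 "for client principal (%s); server principal is (%s)",
                 client_princ, server_princ);
        return -1;
    }
    snprintf(msg, msgsize, "client principal %s mapped to local user %s",
             client_princ, lname);
    return 0;
}

int main(void)
{
    char msg[256];
    /* Constructed principals: the second is what a reused cache might hold. */
    const char *clients[] = { "alice@EXAMPLE.ORG", "alice/admin@OTHER.EXAMPLE" };
    for (int i = 0; i < 2; i++) {
        authenticate(clients[i], "xrootd/server.example.org@EXAMPLE.ORG",
                     "EXAMPLE.ORG", msg, sizeof msg);
        puts(msg);
    }
    return 0;
}
```

With the client principal in the message, a stale or foreign-realm ticket picked up from a shared credential cache is identifiable from the server log alone.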