gss-proxy December 2014

gss-proxy@lists.fedorahosted.org

2 participants
4 discussions

[PATCH] Fix cast issue
by Simo Sorce 23 Mar '15

23 Mar '15

While looking at a bug I found this issue where we try to cast a pointer to an unsigned int to size_t. That doesn't work except by luck on a little endian machine, and even there if unsigned int != size_t (32 bit machines) overwrite other data so we've been also double lucky that whatever was overwritten didn't matter. I may find other issues but this was self-contained enough to merit its own patch sent out asap. Simo. -- Simo Sorce * Red Hat, Inc * New York

3 4

[PATCHES] Better logging for basic errors and tests fixes
by Simo Sorce 21 Mar '15

21 Mar '15

One of the most frequent issues with gss-proxy is that of acquiring credentials when interposing client processes. The attached patchset adds proper logging (to syslog or journal) when GSS-Proxy fails to acquire credentials. Hopefully it won't be too spammy. Also find attached a set of patches to fix the test framework which was not actually testing the GSS-Proxy daemon (oops :-) Simo. -- Simo Sorce * Red Hat, Inc * New York

1 2

gssproxy stopped working after upgrade to fedora 21.
by Rob Verduijn 14 Dec '14

14 Dec '14

Hello, I'ev recently upgraded my vm to fedora 21. Besides a little struggle with nfs (had to replace nfs.target with nfs-client.target) everything was up and running. Except gssproxy. I checked kvno,time,paths,cache and some more The nfs4 mounts work for a real user. Thing I noticed: The cache files no longer appear in /var/lib/gssproxy/clients the kdc logs show nothing when I try to access the mount with the apache account. the local logs also show nothing even though I set debug=true Any ideas on how to proceed with this one ? Rob gssproxy.conf : [gssproxy] [service/squeezebox] mechs = krb5 cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_squeezebox cred_store = client_keytab:/etc/gssproxy/clients/squeezebox.keytab cred_usage = initiate euid = 997 debug = true [service/apache] mechs = krb5 cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_apache cred_store = client_keytab:/etc/gssproxy/clients/apache.keytab cred_usage = initiate euid = 48 debug = true

2 1

gssproxy stopped working for apache
by Rob Verduijn 10 Dec '14

10 Dec '14

Hello all, I've got this weird problem. I have a server that uses kerberized mounts. One service (squeezebox) uses a mount point and is able to access it using gssproxy. But the other service (apache) is not able to access it using gssproxy. This is my gssproxy.conf [gssproxy] [service/squeezebox] mechs = krb5 cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_squeezebox cred_store = client_keytab:/etc/gssproxy/clients/squeezbox.keytab cred_usage = initiate euid = 997 [service/apache] mechs = krb5 cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_apache cred_store = client_keytab:/etc/gssproxy/clients/httpd.keytab cred_usage = initiate euid = 48 And I triple checked the apache principal, it is definitely the right one. I see this in the logs for the working service : Client connected (fd = 10) (pid = 1625) (uid = 997) (gid = 997) (context =ystem_u:system_r:gssd_t:s0) gp_rpc_execute: executing 6 (GSSX_ACQUIRE_CRED) for service "squeezebox", euid: 997, socket: (null) gp_rpc_execute: executing 8 (GSSX_INIT_SEC_CONTEXT) for service "squeezebox", euid: 997, socket: (null) gp_rpc_execute: executing 8 (GSSX_INIT_SEC_CONTEXT) for service "squeezebox", euid: 997, socket: (null) a\but the apache service gives me: Client connected (fd = 10) (pid = 1695) (uid = 48) (gid = 48) (context = system_u:system_r:gssd_t:s0) gp_rpc_execute: executing 6 (GSSX_ACQUIRE_CRED) for service "apache", euid: 48, socket: (null) Client connected (fd = 10) (pid = 1696) (uid = 48) (gid = 48) (context = system_u:system_r:gssd_t:s0) gp_rpc_execute: executing 6 (GSSX_ACQUIRE_CRED) for service "apache", euid: 48, socket: (null) Client connected (fd = 10) (pid = 1698) (uid = 48) (gid = 48) (context = system_u:system_r:gssd_t:s0) gp_rpc_execute: executing 6 (GSSX_ACQUIRE_CRED) for service "apache", euid: 48, socket: (null) Client connected (fd = 10) (pid = 1699) (uid = 48) (gid = 48) (context = system_u:system_r:gssd_t:s0) gp_rpc_execute: executing 6 (GSSX_ACQUIRE_CRED) for service "apache", euid: 48, socket: (null) Any ideas on what is causing the gssproxy to fail for apache ? Rob

2 3

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

gss-proxy December 2014