---------- Forwarded message ---------- From: Simo Sorce simo@redhat.com Date: 2017-01-03 17:32 GMT+01:00 Subject: [gssproxy] Re: gssproxy broken on fedora To: The GSS-Proxy developers and users mailing list < gss-proxy@lists.fedorahosted.org>
On Mon, 2017-01-02 at 19:22 +0100, Rob Verduijn wrote:
Nope that does not work on either fc24 or fc25. I did not try centos73 since it already worked on that one.
Given you tried manually, make sure you delete the ccache before trying with the client_keytab setting.
If that doesn't work can you set debug = True in the global section and tell me if you get any useful output/error ?
Simo.
-- Simo Sorce * Red Hat, Inc * New York _______________________________________________ gss-proxy mailing list -- gss-proxy@lists.fedorahosted.org To unsubscribe send an email to gss-proxy-leave@lists.fedorahosted.org
Hi,
I checked for the cache, but there were no cache files present in /var/lib/gssproxy/clients. I cleaned the sssd cache. I set the debug entry, did a reboot, but also no log entries appeared
current /etc/gssproxy/gssproxy.conf
[gssproxy] debug=True
[service/HTTP] mechs = krb5 cred_store = keytab:/etc/gssproxy/http.keytab cred_store = ccache:/var/lib/gssproxy/clients/krb5cc_%U cred_store = client_keytab:/etc/gssproxy/http.keytab euid = 48
and tested it with su - apache -s /bin/bash
The mount works fine for a regular ipa user on fedora 24/25 according to systemctl status gssproxy the service is up and running,
[root@fedora-24 ~]# systemctl status gssproxy ● gssproxy.service - GSSAPI Proxy Daemon Loaded: loaded (/usr/lib/systemd/system/gssproxy.service; disabled; vendor preset: disabled) Active: active (running) since Wed 2017-01-04 10:05:55 CET; 8min ago Main PID: 987 (gssproxy) CGroup: /system.slice/gssproxy.service └─987 /usr/sbin/gssproxy -D
systemd[1]: Starting GSSAPI Proxy Daemon... gssproxy[972]: [2017/01/04 09:05:55]: Debug Enabled (level: 1) gssproxy[972]: [2017/01/04 09:05:55]: Client connected (fd = 10)[2017/01/04 09:05:55]: (pid = 987) (uid = 0) (gid = 0)[2017/01/04 09:05:55]: (context = system_u:system_r:kernel_t:s0)[2017/01/04 09:05:55]: Started GSSAPI Proxy Daemon.
Rob Verduijn