---------- Forwarded message ----------
From: Simo Sorce <simo(a)redhat.com>
Date: 2017-01-03 17:32 GMT+01:00
Subject: [gssproxy] Re: gssproxy broken on fedora
To: The GSS-Proxy developers and users mailing list <
gss-proxy(a)lists.fedorahosted.org>
On Mon, 2017-01-02 at 19:22 +0100, Rob Verduijn wrote:
Nope that does not work on either fc24 or fc25.
I did not try centos73 since it already worked on that one.
Given you tried manually, make sure you delete the ccache before trying
with the client_keytab setting.
If that doesn't work can you set debug = True in the global section and
tell me if you get any useful output/error ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
_______________________________________________
gss-proxy mailing list -- gss-proxy(a)lists.fedorahosted.org
To unsubscribe send an email to gss-proxy-leave(a)lists.fedorahosted.org
Hi,
I checked for the cache, but there were no cache files present in
/var/lib/gssproxy/clients.
I cleaned the sssd cache.
I set the debug entry, did a reboot, but also no log entries appeared
current /etc/gssproxy/gssproxy.conf
[gssproxy]
debug=True
[service/HTTP]
mechs = krb5
cred_store = keytab:/etc/gssproxy/http.keytab
cred_store = ccache:/var/lib/gssproxy/clients/krb5cc_%U
cred_store = client_keytab:/etc/gssproxy/http.keytab
euid = 48
and tested it with
su - apache -s /bin/bash
The mount works fine for a regular ipa user on fedora 24/25
according to systemctl status gssproxy the service is up and running,
[root@fedora-24 ~]# systemctl status gssproxy
● gssproxy.service - GSSAPI Proxy Daemon
Loaded: loaded (/usr/lib/systemd/system/gssproxy.service; disabled;
vendor preset: disabled)
Active: active (running) since Wed 2017-01-04 10:05:55 CET; 8min ago
Main PID: 987 (gssproxy)
CGroup: /system.slice/gssproxy.service
└─987 /usr/sbin/gssproxy -D
systemd[1]: Starting GSSAPI Proxy Daemon...
gssproxy[972]: [2017/01/04 09:05:55]: Debug Enabled (level: 1)
gssproxy[972]: [2017/01/04 09:05:55]: Client connected (fd = 10)[2017/01/04
09:05:55]: (pid = 987) (uid = 0) (gid = 0)[2017/01/04 09:05:55]: (context
= system_u:system_r:kernel_t:s0)[2017/01/04 09:05:55]:
Started GSSAPI Proxy Daemon.
Rob Verduijn