---------- Forwarded message ----------
From: Simo Sorce <simo@redhat.com>
Date: 2017-01-03 17:32 GMT+01:00
Subject: [gssproxy] Re: gssproxy broken on fedora
To: The GSS-Proxy developers and users mailing list <gss-proxy@lists.fedorahosted.org>

On Mon, 2017-01-02 at 19:22 +0100, Rob Verduijn wrote:
> Nope that does not work on either fc24 or fc25.
> I did not try centos73 since it already worked on that one.

Given you tried manually, make sure you delete the ccache before trying
with the client_keytab setting.

If that doesn't work can you set debug = True in the global section and
tell me if you get any useful output/error ?


Simo Sorce * Red Hat, Inc * New York
gss-proxy mailing list -- gss-proxy@lists.fedorahosted.org
To unsubscribe send an email to gss-proxy-leave@lists.fedorahosted.org


I checked for the cache, but there were no cache files present in /var/lib/gssproxy/clients.
I cleaned the sssd cache.
I set the debug entry, did a reboot, but also no log entries appeared

current /etc/gssproxy/gssproxy.conf


  mechs = krb5
  cred_store = keytab:/etc/gssproxy/http.keytab
  cred_store = ccache:/var/lib/gssproxy/clients/krb5cc_%U
  cred_store = client_keytab:/etc/gssproxy/http.keytab
  euid = 48

and tested it with
su - apache -s /bin/bash

The mount works fine for a regular ipa user on fedora 24/25
according to systemctl status gssproxy the service is up and running,

[root@fedora-24 ~]# systemctl status gssproxy
● gssproxy.service - GSSAPI Proxy Daemon
   Loaded: loaded (/usr/lib/systemd/system/gssproxy.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-01-04 10:05:55 CET; 8min ago
 Main PID: 987 (gssproxy)
   CGroup: /system.slice/gssproxy.service
           └─987 /usr/sbin/gssproxy -D

systemd[1]: Starting GSSAPI Proxy Daemon...
gssproxy[972]: [2017/01/04 09:05:55]: Debug Enabled (level: 1)
gssproxy[972]: [2017/01/04 09:05:55]: Client connected (fd = 10)[2017/01/04 09:05:55]:  (pid = 987) (uid = 0) (gid = 0)[2017/01/04 09:05:55]:  (context = system_u:system_r:kernel_t:s0)[2017/01/04 09:05:55]:
Started GSSAPI Proxy Daemon.

Rob Verduijn