Hello all,

I've got this weird problem.

I have a server that uses kerberized mounts.

One service (squeezebox) uses a mount point and is able to access it using gssproxy.

But the other service (apache) is not able to access it using gssproxy.

This is my gssproxy.conf

[gssproxy]

[service/squeezebox]

mechs = krb5

cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_squeezebox

cred_store = client_keytab:/etc/gssproxy/clients/squeezbox.keytab

cred_usage = initiate

euid = 997

[service/apache]

mechs = krb5

cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_apache

cred_store = client_keytab:/etc/gssproxy/clients/httpd.keytab

cred_usage = initiate

euid = 48

And I triple checked the apache principal, it is definitely the right one.

I see this in the logs for the working service :

Client connected (fd = 10) (pid = 1625) (uid = 997) (gid = 997) (context =ystem_u:system_r:gssd_t:s0)

gp_rpc_execute: executing 6 (GSSX_ACQUIRE_CRED) for service "squeezebox", euid: 997, socket: (null)

gp_rpc_execute: executing 8 (GSSX_INIT_SEC_CONTEXT) for service "squeezebox", euid: 997, socket: (null)

a\but the apache service gives me:

Client connected (fd = 10) (pid = 1695) (uid = 48) (gid = 48) (context = system_u:system_r:gssd_t:s0)

gp_rpc_execute: executing 6 (GSSX_ACQUIRE_CRED) for service "apache", euid: 48, socket: (null)

Client connected (fd = 10) (pid = 1696) (uid = 48) (gid = 48) (context = system_u:system_r:gssd_t:s0)

gp_rpc_execute: executing 6 (GSSX_ACQUIRE_CRED) for service "apache", euid: 48, socket: (null)

Client connected (fd = 10) (pid = 1698) (uid = 48) (gid = 48) (context = system_u:system_r:gssd_t:s0)

gp_rpc_execute: executing 6 (GSSX_ACQUIRE_CRED) for service "apache", euid: 48, socket: (null)

Client connected (fd = 10) (pid = 1699) (uid = 48) (gid = 48) (context = system_u:system_r:gssd_t:s0)

gp_rpc_execute: executing 6 (GSSX_ACQUIRE_CRED) for service "apache", euid: 48, socket: (null)

Any ideas on what is causing the gssproxy to fail for apache ?

Rob