[gssproxy] Re: "No credentials cache found"; Fedora 23; gssproxy not searching /var/lib/gssproxy/clients

Hi Robbie, Thanks very much for your reply! I apologise but I was indeed mistaken with that statement. I should have said that gssproxy was only looking for 0.keytab rather than the actual user's keytab. I'm sorry for the misunderstanding. In case it would still be informative, here are the permissions for the keytabs and credential cache: -rw-------. 1 root root unconfined_u:object_r:gssproxy_var_lib_t:s0 538 Feb 23 19:06 40058920.keytab -rw-------. 1 root root unconfined_u:object_r:gssproxy_var_lib_t:s0 302 Feb 23 21:52 40059091.keytab -rw-------. 1 root root system_u:object_r:gssproxy_var_lib_t:s0 1575 Feb 23 19:10 krb5cc_40058920 -rw-------. 1 root root system_u:object_r:gssproxy_var_lib_t:s0 1619 Feb 23 21:53 krb5cc_40059091 I've since made a little bit of progress on the issue. When mounting the NFS share the journal is still being spammed with: gssproxy[642]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found However, restarting the gssproxy service via systemd stops the errors, and allows the credential cache for the required users to be created in /var/lib/gssproxy/clients/krb5cc_%U as expected. These errors recur on reboot. The biggest problem is I am unable to access the NFS shares using this credentials cache. When I try to do so as the user emby(a)EXAMPLE.COM (UID 40058920), I get this: strace -p $(pidof gssproxy) -s4096 -f [...] [pid 2913] read(4, "\0", 1) = 1 [pid 2913] epoll_ctl(5, EPOLL_CTL_ADD, 12, {EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=2618044368, u64=94552028098512}}) = 0 [pid 2913] epoll_wait(5, [{EPOLLOUT, {u32=2618044368, u64=94552028098512}}], 1, 30000) = 1 [pid 2913] writev(12, [{"\200\0\4\320", 4}, {"[REDACTED]emby@EXAMPLE.COM[REDACTED](nfs/nfs-server.example.com@EXAMPLE.COM[REDACTED]/etc/krb5.conf[REDACTED]emby@EXAMPLE.COM[REDACTED]emby@EXAMPLE.COM[REDACTED]emby@EXAMPLE.COM[REDACTED](nfs/nfs-server.example.com@EXAMPLE.COM[REDACTED](nfs/nfs-server.example.com@EXAMPLE.COM(nfs/nfs-server.example.com(a)EXAMPLE.COM[REDACTED]", 1232}], 2) = 1236 [pid 2913] epoll_ctl(5, EPOLL_CTL_ADD, 12, {EPOLLIN|EPOLLERR|EPOLLHUP, {u32=2618044608, u64=94552028098752}}) = -1 EEXIST (File exists) [pid 2913] epoll_ctl(5, EPOLL_CTL_MOD, 12, {EPOLLIN|EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=2618044368, u64=94552028098512}}) = 0 [pid 2913] epoll_ctl(5, EPOLL_CTL_MOD, 12, {EPOLLIN|EPOLLERR|EPOLLHUP, {u32=2618044608, u64=94552028098752}}) = 0 [pid 2913] epoll_wait(5, [{EPOLLIN|EPOLLHUP, {u32=2618044608, u64=94552028098752}}], 1, 30000) = 1 [pid 2913] read(12, "", 4) = 0 [pid 2913] close(12) = 0 [pid 2913] epoll_ctl(5, EPOLL_CTL_DEL, 12, 0x7fff055fa5e0) = -1 EBADF (Bad file descriptor) [pid 2913] epoll_wait(5, [], 1, 30000) = 0 I've redacted line 4 for brevity. Let me know if there is any more information I can provide. Thanks again for your consideration James