On (15/04/15 10:40), Ola Nystrom wrote:
>Ok, so I have to really remove all files. Not just use sss_cache as I do
>when I am lazy.
>
>It works now.
>
>[root@galaxy ~]# rm -f /var/lib/sss/mc/*
>[root@galaxy ~]# rm -f /var/lib/sss/db/*
>
>Then sssd uses the config.
>
>sss_cache -E did not do the trick.
>
>http://pastebin.com/3KmEv61Z
>
>Question now is, if kerberos supports KEYRING and sssd supports KEYRING, why
>does it not work when sssd saved my ticket to the KEYRING on CentOS6.6?
I'm sure what kind of system do you use.
I was not able to kinit on el6.6 with an exported KEYRING ccache,
and sssd returned a PAM system error (I was not able to authenticate).

krb5_child.log
--------------
[sss_get_ccache_name_for_principal] (0x4000): Location: [KEYRING:persistent:1239005441]
[sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal lg-user1201-077648@SSSDAD.COM in cache collection]
[create_ccache] (0x4000): Initializing ccache of type [KEYRING]
[get_and_save_tgt] (0x0020): 1029: [-1765328187][Error writing to credentials cache]
[map_krb5_error] (0x0020): 1069: [-1765328187][Error writing to credentials cache]
[k5c_send_data] (0x0200): Received error code 1432158209
[pack_response_packet] (0x2000): response packet size: [20]

sssd_sssdad.com.log
--------------
[read_pipe_handler] (0x0400): EOF received, client finished
[parse_krb5_child_response] (0x1000): child response [1432158209][6][8].
[check_wait_queue] (0x1000): Wait queue for user [lg-user1201-077648] is empty.
[be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>) [Success]
[be_pam_handler_callback] (0x0100): Sending result [4][sssdad.com]
[be_pam_handler_callback] (0x0100): Sent result [4][sssdad.com]

secure.log
--------------
Apr 15 04:11:32 hp-dl380pgen8-02-vm-6 su: pam_unix(su:session): session opened for user test by root(uid=0)
Apr 15 04:11:40 hp-dl380pgen8-02-vm-6 su: pam_unix(su:auth): authentication failure; logname=root uid=500 euid=0 tty=pts/6 ruser=test rhost= user=lg-user1201-077648@sssdad.com
Apr 15 04:11:42 hp-dl380pgen8-02-vm-6 su: pam_sss(su:auth): authentication failure; logname=root uid=500 euid=0 tty=pts/6 ruser=test rhost= user=lg-user1201-077648@sssdad.com
Apr 15 04:11:42 hp-dl380pgen8-02-vm-6 su: pam_sss(su:auth): received for user lg-user1201-077648@sssdad.com: 4 (System error)

shell with manually exported KRB5CCNAME=KEYRING:persistent:1239005441
--------------
[lg-user1201-077648@sssdad.com@test ~]$ getent passwd lg-user1201-077648@sssdad.com
lg-user1201-077648@sssdad.com:*:1239005441:1239000513:lg-user1201-077648:/home/sssdad.com/lg-user1201-077648:/bin/bash
[lg-user1201-077648@sssdad.com@test ~]$ env | grep KRB
KRB5CCNAME=KEYRING:persistent:1239005441
[lg-user1201-077648@sssdad.com@test ad_large_dataset]$ klist
klist: Key has been revoked while getting default ccache

Do you have the default krb5 on CentOS6?
Is it a bare-metal machine, VM, or container?

LS
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users