On Fri, Apr 11, 2014 at 01:22:54PM +0100, Rowland Penny wrote:
On 11/04/14 13:16, Jakub Hrozek wrote:
>On Fri, Apr 11, 2014 at 12:59:00PM +0100, Rowland Penny wrote:
>>OK, I take it all back, I am stupid ;-)
>>
>>Once I scanned the new logfile, it dawned on me what I had forgotten
>>to do, so I did it and now everything seems to be working ok.
>>
>>Oh, you want to know what I forgot to do?
>>
>>I forgot to export the keytab ;-)
>>
>>Rowland
>So the keytab was missing completely on the client? We should be more
>verbose about that -- was there not a syslog (journal) message or a
>level-0 DEBUG message? Since sssd failed to start, I think we should
>display why prominently.
>_______________________________________________
>sssd-users mailing list
>sssd-users(a)lists.fedorahosted.org
>https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Hi, you have seen the relevant logs, and I couldn't see anything in
them about the keytab until I raised the debug_level as you
suggested, it was then obvious to me what I stupidly hadn't done.
;-)
Sorry, I should have tried to reproduce the bug myself first. To my
suprise, krb5_kt_resolve() returns success even if the keytab is
missing, so the DEBUG message that's already in the code was never
printed.
I'll send a patch to sssd-devel to fix this, thanks for reporting the
bug.
Note: I am not blaming sssd for the lack of a keytab, I should have
exported it, so it is all my fault.
Well, sssd should report the error in a meaningful way, not just roll over
and die.