On (14/04/15 22:27), Ola Nystrom wrote:
I was a bit unsure of the KEYRING-support myself.
But I have CentOS 6.6 and use KEYRING.
[ola@galaxy ~]$ kinit
Password for ola(a)ENSKEDE.LOCAL:
[ola@galaxy ~]$ klist
*Ticket cache: KEYRING:persistent:11103*
Default principal: ola(a)ENSKEDE.LOCAL
Valid starting Expires Service principal
04/14/15 22:27:09 04/15/15 08:27:13 krbtgt/ENSKEDE.LOCAL(a)ENSKEDE.LOCAL
renew until 04/21/15 22:27:09
[ola@galaxy ~]$ cat /etc/redhat-release
CentOS release 6.6 (Final)
Intresting :-)
I though problem is with keyring ccache due to following lines in log.
[sss_get_ccache_name_for_principal] (0x4000): Location: [KEYRING:persistent:11103]
[sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed:
[-1765328243][Can't find client principal ola(a)ENSKEDE.LOCAL in cache collection]
bu there is also line:
[krb5_mod_ccname] (0x4000): Save ccname [KEYRING:persistent:11103] for user [ola]
Do you have set enviroment variable KRB5CCNAME?
Could you try to export KRB5CCNAME=KEYRING:persistent:11103 after login?
It would help us to find whether ticket was created.
Please check time of creation.
LS