Ok, so I have to really remove all files. Not just use sss_cache as I do
when I am lazy.
It works now.
[root@galaxy ~]# rm -f /var/lib/sss/mc/*
[root@galaxy ~]# rm -f /var/lib/sss/db/*
Then sssd use the config.
sss_cache -E did not do the trick.
http://pastebin.com/3KmEv61Z
Question now is, if kerberos supports KEYRING and sssd supports KEYRING why
does it not work with when sssd saved my ticket to the KEYRING on CentOS6.6
?
On Wed, Apr 15, 2015 at 8:51 AM, Jakub Hrozek <jhrozek(a)redhat.com> wrote:
On Wed, Apr 15, 2015 at 08:21:08AM +0200, Lukas Slebodnik wrote:
> On (14/04/15 23:36), Ola Nystrom wrote:
> >Removed the line from krb5.conf
> >restarted sssd
> >
> >Still same issue
> >
> >[ola@galaxy ~]$ klist
> >klist: No credentials cache found while retrieving principal name
> >[ola@galaxy ~]$ kinit
> >Password for ola(a)ENSKEDE.LOCAL:
> >[ola@galaxy ~]$ klist
> >Ticket cache: KEYRING:persistent:11103
> >Default principal: ola(a)ENSKEDE.LOCAL
> >
> >Valid starting Expires Service principal
> >04/14/15 23:36:33 04/15/15 09:36:36 krbtgt/ENSKEDE.LOCAL(a)ENSKEDE.LOCAL
> > renew until 04/21/15 23:36:33
> >[ola@galaxy ~]$ cat /etc/krb5.conf
> >[logging]
> > default = FILE:/var/log/krb5libs.log
> > kdc = FILE:/var/log/krb5kdc.log
> > admin_server = FILE:/var/log/kadmind.log
> >
> >[libdefaults]
> > default_realm = ENSKEDE.LOCAL
> > dns_lookup_realm = true
> > dns_lookup_kdc = true
> > ticket_lifetime = 24h
> > renew_lifetime = 7d
> > forwardable = true
> > rdns = false
> >[ola@galaxy ~]$
> >
>
> Please try to find out in sssd log file whether ccache was created
(FILE).
> You should see full patch in log file to this ccache file. If the file
with
> ticket exists and is a valid (test with exporting KRB5CCNAME) then
> we need to figure out why the enviroment variable KRB5CCNAME was not set
after
> logging in
cache should be cleared, otherwise the KEYRING ccname might be reused..
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
--
Ola Nyström
“OSI model jokes work on so many levels”
— jorge_rbs