Sure, I have that envirnment variable defined.
[ola@galaxy ~]$ export | grep KRB5CCNAME
declare -x KRB5CCNAME="KEYRING:persistent:11103"
[ola@galaxy ~]$ klist
klist: No credentials cache found while retrieving principal name
[ola@galaxy ~]$ kinit
Password for ola(a)ENSKEDE.LOCAL:
[ola@galaxy ~]$ klist
Ticket cache: KEYRING:persistent:11103
Default principal: ola(a)ENSKEDE.LOCAL
Valid starting Expires Service principal
04/14/15 23:08:55 04/15/15 09:08:58 krbtgt/ENSKEDE.LOCAL(a)ENSKEDE.LOCAL
renew until 04/21/15 23:08:55
[ola@galaxy ~]$ grep ola /etc/passwd
[ola@galaxy ~]$ getent passwd ola
ola:*:11103:11116:Ola Nystrom:/home/ola:/bin/bash
On Tue, Apr 14, 2015 at 11:02 PM, Lukas Slebodnik <lslebodn(a)redhat.com>
wrote:
On (14/04/15 22:27), Ola Nystrom wrote:
>I was a bit unsure of the KEYRING-support myself.
>But I have CentOS 6.6 and use KEYRING.
>
>[ola@galaxy ~]$ kinit
>Password for ola(a)ENSKEDE.LOCAL:
>[ola@galaxy ~]$ klist
>*Ticket cache: KEYRING:persistent:11103*
>Default principal: ola(a)ENSKEDE.LOCAL
>
>Valid starting Expires Service principal
>04/14/15 22:27:09 04/15/15 08:27:13 krbtgt/ENSKEDE.LOCAL(a)ENSKEDE.LOCAL
> renew until 04/21/15 22:27:09
>[ola@galaxy ~]$ cat /etc/redhat-release
>CentOS release 6.6 (Final)
>
Intresting :-)
I though problem is with keyring ccache due to following lines in log.
[sss_get_ccache_name_for_principal] (0x4000): Location:
[KEYRING:persistent:11103]
[sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed:
[-1765328243][Can't find client principal ola(a)ENSKEDE.LOCAL in cache
collection]
bu there is also line:
[krb5_mod_ccname] (0x4000): Save ccname [KEYRING:persistent:11103] for
user [ola]
Do you have set enviroment variable KRB5CCNAME?
Could you try to export KRB5CCNAME=KEYRING:persistent:11103 after login?
It would help us to find whether ticket was created.
Please check time of creation.
LS
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
--
Ola Nyström
“OSI model jokes work on so many levels”
— jorge_rbs