KSU fails to select the correct cache

Amir Saad eng__amir at hotmail.com
Wed Jan 16 07:34:56 EST 2008


Hi,



I setup Kerberos and OpenLDAP successfully. I installed NFS4 and it is
protected by Kerberos. Everything works fine at login, however; it
fails when I ksu. If I login as user2 (1002) and then try to ksu user1 (1001), I get
permission denied when I try to ls my home directory. I tried the
option -Z but it gave me: Permission Denied user1 has no permission to
access /tmp/krb5xxxxxxxx



Here is the log: gssd.rpc -vvvv

> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: handling krb5 upcall

> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: getting credentials for client

> > with uid 1001 for server nfs-server-machine

> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: CC file 'krb5cc_1001.1' being

> > considered

> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: CC file 'krb5cc_1002_cfxLz28926'

> > being considered

> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: CC file 'krb5cc_machine_REALM'

> > being considered

> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: using FILE:/tmp/krb5cc_1001 as

> > credentials cache for client with uid 1001 for server nfs-server-machine

> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: using environment variable to

> > select krb5 ccache FILE:/tmp/krb5cc_1001

> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: creating context using fsuid 1001

> > (save_uid 0)

> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: ERROR: GSS-API: error in

> > gss_acquire_cre d(): Miscellaneous failure - Unknown code krb5 195

> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: WARNING: Failed while limiting

> > krb5 encryption types for user with uid 1001

> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: WARNING: Failed to create krb5

> > context for user with uid 1001 for server nfs-server-machine

> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: doing error downcall


Platform:
Debian 4


Any help?



Thank you



Amir

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


More information about the Kerberos mailing list