KSU fails to select the correct cache
Amir Saad
eng__amir at hotmail.com
Wed Jan 16 07:34:56 EST 2008
Hi,
I setup Kerberos and OpenLDAP successfully. I installed NFS4 and it is
protected by Kerberos. Everything works fine at login, however; it
fails when I ksu. If I login as user2 (1002) and then try to ksu user1 (1001), I get
permission denied when I try to ls my home directory. I tried the
option -Z but it gave me: Permission Denied user1 has no permission to
access /tmp/krb5xxxxxxxx
Here is the log: gssd.rpc -vvvv
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: handling krb5 upcall
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: getting credentials for client
> > with uid 1001 for server nfs-server-machine
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: CC file 'krb5cc_1001.1' being
> > considered
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: CC file 'krb5cc_1002_cfxLz28926'
> > being considered
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: CC file 'krb5cc_machine_REALM'
> > being considered
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: using FILE:/tmp/krb5cc_1001 as
> > credentials cache for client with uid 1001 for server nfs-server-machine
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: using environment variable to
> > select krb5 ccache FILE:/tmp/krb5cc_1001
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: creating context using fsuid 1001
> > (save_uid 0)
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: ERROR: GSS-API: error in
> > gss_acquire_cre d(): Miscellaneous failure - Unknown code krb5 195
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: WARNING: Failed while limiting
> > krb5 encryption types for user with uid 1001
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: WARNING: Failed to create krb5
> > context for user with uid 1001 for server nfs-server-machine
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: doing error downcall
Platform:
Debian 4
Any help?
Thank you
Amir
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
More information about the Kerberos
mailing list