[29066] in Kerberos
KSU fails to select the correct cache
daemon@ATHENA.MIT.EDU (Amir Saad)
Wed Jan 16 07:35:52 2008
Message-ID: <BAY124-W3835F9FEBBB54B02D9AD3CB4400@phx.gbl>
From: Amir Saad <eng__amir@hotmail.com>
To: Kerberos <kerberos@mit.edu>
Date: Wed, 16 Jan 2008 14:34:56 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
I setup Kerberos and OpenLDAP successfully. I installed NFS4 and it is
protected by Kerberos. Everything works fine at login, however; it
fails when I ksu. If I login as user2 (1002) and then try to ksu user1 (1001), I get
permission denied when I try to ls my home directory. I tried the
option -Z but it gave me: Permission Denied user1 has no permission to
access /tmp/krb5xxxxxxxx
Here is the log: gssd.rpc -vvvv
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: handling krb5 upcall
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: getting credentials for client
> > with uid 1001 for server nfs-server-machine
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: CC file 'krb5cc_1001.1' being
> > considered
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: CC file 'krb5cc_1002_cfxLz28926'
> > being considered
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: CC file 'krb5cc_machine_REALM'
> > being considered
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: using FILE:/tmp/krb5cc_1001 as
> > credentials cache for client with uid 1001 for server nfs-server-machine
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: using environment variable to
> > select krb5 ccache FILE:/tmp/krb5cc_1001
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: creating context using fsuid 1001
> > (save_uid 0)
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: ERROR: GSS-API: error in
> > gss_acquire_cre d(): Miscellaneous failure - Unknown code krb5 195
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: WARNING: Failed while limiting
> > krb5 encryption types for user with uid 1001
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: WARNING: Failed to create krb5
> > context for user with uid 1001 for server nfs-server-machine
> > Jan 10 10:02:48 machine1 rpc.gssd[19083]: doing error downcall
Platform:
Debian 4
Any help?
Thank you
Amir
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
