<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 09/11/2013 08:49 PM, Dean Hunter wrote:
<blockquote cite="mid:1378946957.6584.2.camel@host.hunter.org"
type="cite">
On Wed, 2013-09-11 at 11:49 -0400, Simo Sorce wrote:
<blockquote type="CITE">
<pre>On Wed, 2013-09-11 at 10:39 -0500, Dean Hunter wrote:
<font color="#737373">> On Wed, 2013-09-11 at 11:20 -0400, Simo Sorce wrote: </font>
<font color="#737373">> > On Wed, 2013-09-11 at 08:39 -0500, Dean Hunter wrote:</font>
<font color="#737373">> > </font>
<font color="#737373">> > > I do NOT believe this:</font>
<font color="#737373">> > > [dean@ipa2 ~]$ ssh dean@desktop2</font>
<font color="#737373">> > > Last login: Wed Sep 11 08:32:21 2013 from ipa2.hunter.org</font>
<font color="#737373">> > > Could not chdir to home directory /home/net/dean: Permission</font>
<font color="#737373">> > > denied</font>
<font color="#737373">> > > -bash: /home/net/dean/.bash_profile: Permission denied</font>
<font color="#737373">> > > </font>
<font color="#737373">> > > -bash-4.2$ logout</font>
<font color="#737373">> > > -bash: /home/net/dean/.bash_logout: Permission denied</font>
<font color="#737373">> > > Connection to desktop2 closed.</font>
<font color="#737373">> > > </font>
<font color="#737373">> > > [dean@ipa2 ~]$ su -</font>
<font color="#737373">> > > Password: </font>
<font color="#737373">> > > </font>
<font color="#737373">> > > [root@ipa2 ~]# ssh dean@desktop2</font>
<font color="#737373">> > > dean@desktop2's password: </font>
<font color="#737373">> > > Last login: Wed Sep 11 08:34:29 2013 from ipa2.hunter.org</font>
<font color="#737373">> > > </font>
<font color="#737373">> > > [dean@desktop2 ~]$ logout</font>
<font color="#737373">> > > Connection to desktop2 closed.</font>
<font color="#737373">> > > </font>
<font color="#737373">> > > [root@ipa2 ~]# logout</font>
<font color="#737373">> > > </font>
<font color="#737373">> > > [dean@ipa2 ~]$ ssh dean@desktop2</font>
<font color="#737373">> > > Last login: Wed Sep 11 08:35:16 2013 from ipa2.hunter.org</font>
<font color="#737373">> > > </font>
<font color="#737373">> > > [dean@desktop2 ~]$ </font>
<font color="#737373">> > > </font>
<font color="#737373">> > </font>
<font color="#737373">> > Are you using a kerberized NFS mount ?</font>
<font color="#737373">> > </font>
<font color="#737373">> > I think what is happening is that when going via SSH rpc.gssd cannot</font>
<font color="#737373">> > find your ticket, ssh may be doing something "wrong" in this case.</font>
<font color="#737373">> > </font>
<font color="#737373">> > Simo.</font>
<font color="#737373">> > </font>
<font color="#737373">> Yes, I am using Kerberos with NFS.</font>
<font color="#737373">> </font>
<font color="#737373">> Should I report this as a bug?</font>
<font color="#737373">> </font>
We need to decide what component is faulty. It may be possible we can
get it working somehow.
When you ssh in, what is the ccache ssh assigns you?
Can you run klist and post the output (sanitize it if needed)?
Simo.
</pre>
</blockquote>
I hope this is what you requested:<br>
<blockquote>
<pre>[dean@ipa2 ~]$ klist
Ticket cache: DIR::/run/user/1387400001/krb5cc/tktFDDxRR
Default principal: dean@HUNTER.ORG

Valid starting     Expires            Service principal
09/11/13 19:43:28  09/12/13 19:43:28  krbtgt/HUNTER.ORG@HUNTER.ORG

[dean@ipa2 ~]$ ssh dean@desktop2
Last login: Wed Sep 11 19:41:48 2013 from ipa2.hunter.org
Could not chdir to home directory /home/net/dean: Permission denied
-bash: /home/net/dean/.bash_profile: Permission denied

-bash-4.2$ hostname
desktop2.hunter.org

-bash-4.2$ klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_1387400001)

-bash-4.2$ logout
-bash: /home/net/dean/.bash_logout: Permission denied
Connection to desktop2 closed.

[dean@ipa2 ~]$ klist
Ticket cache: DIR::/run/user/1387400001/krb5cc/tktFDDxRR
Default principal: dean@HUNTER.ORG

Valid starting     Expires            Service principal
09/11/13 19:43:28  09/12/13 19:43:28  krbtgt/HUNTER.ORG@HUNTER.ORG
09/11/13 19:44:43  09/12/13 19:43:28  host/desktop2.hunter.org@HUNTER.ORG

[dean@ipa2 ~]$
</pre>
</blockquote>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
Do I get it right: you tried twice and the first time it did not
work while the second it did?<br>
There might be a race condition mounting your home directory using
your ticket.<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
</pre>
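<br>
Added example, not part of the original messages and not FreeIPA or MIT Kerberos code: a small Python parser for the klist output quoted in this thread, comparing the cache seen on ipa2 with the one reported inside the ssh session on desktop2. The names parse_klist and compare_sessions are hypothetical, and the transcripts are copied from the thread with whitespace normalised.<br>

```python
import re

# Added example; parse_klist and compare_sessions are hypothetical names.
# Transcripts are copied from the thread, whitespace normalised.
LOCAL_KLIST = """\
Ticket cache: DIR::/run/user/1387400001/krb5cc/tktFDDxRR
Default principal: dean@HUNTER.ORG

Valid starting     Expires            Service principal
09/11/13 19:43:28  09/12/13 19:43:28  krbtgt/HUNTER.ORG@HUNTER.ORG
09/11/13 19:44:43  09/12/13 19:43:28  host/desktop2.hunter.org@HUNTER.ORG
"""
REMOTE_KLIST = ("klist: No credentials cache found "
                "(ticket cache FILE:/tmp/krb5cc_1387400001)\n")

# Cache name is TYPE:residual; a DIR residual starting with ":" names one
# specific cache file inside the directory collection.
CACHE_RE = re.compile(r"(?:Ticket cache: |\(ticket cache )([A-Z]+):([^)\s]+)")
STAMP = r"\d\d/\d\d/\d\d \d\d:\d\d:\d\d"
TICKET_RE = re.compile(r"^%s\s+%s\s+(\S+)$" % (STAMP, STAMP), re.M)


def parse_klist(text):
    """Return cache type, residual, default principal and service tickets."""
    cache = CACHE_RE.search(text)
    principal = re.search(r"^Default principal: (\S+)$", text, re.M)
    return {
        "type": cache.group(1) if cache else None,
        "location": cache.group(2) if cache else None,
        "missing": "No credentials cache found" in text,
        "principal": principal.group(1) if principal else None,
        "services": TICKET_RE.findall(text),
    }


def compare_sessions(local, remote):
    """List the differences between the two sessions' credential caches."""
    findings = []
    if remote["missing"]:
        findings.append("remote session has no ccache at %s:%s"
                        % (remote["type"], remote["location"]))
    if local["type"] != remote["type"]:
        findings.append("ccache type differs: local %s, remote %s"
                        % (local["type"], remote["type"]))
    if not any(s.startswith("krbtgt/") for s in remote["services"]):
        findings.append("remote session holds no TGT")
    return findings
```

Calling compare_sessions(parse_klist(LOCAL_KLIST), parse_klist(REMOTE_KLIST)) returns the three differences visible in the transcript: the missing FILE cache, the DIR versus FILE cache type, and the absence of a TGT in the remote session.<br>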
</body>
</html>