[Freeipa-users] strange gss failures in RHEL 6.3

Sumit Bose sbose at redhat.com
Thu Jun 28 05:52:36 UTC 2012


On Wed, Jun 27, 2012 at 10:35:00PM +0100, Dale Macartney wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Evening all
> 
> I have just updated my local RHEL 6 repositories from 6.2 to 6.3 and
> installed a new ipa server in a test network.
> 
> I get the following errors now despite having a valid tgt. This worked
> perfectly a few hours ago (before I updated the repos)
> 
> [root at ds01 ~]# date
> Wed Jun 27 22:31:01 BST 2012
> [root at ds01 ~]# kinit admin
> Password for admin at EXAMPLE.COM:
> [root at ds01 ~]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: admin at EXAMPLE.COM
> 
> Valid starting     Expires            Service principal
> 06/27/12 22:31:06  06/28/12 22:31:04  krbtgt/EXAMPLE.COM at EXAMPLE.COM
> [root at ds01 ~]# date
> Wed Jun 27 22:31:10 BST 2012
> [root at ds01 ~]#
> [root at ds01 ~]#
> [root at ds01 ~]# ipa user-find
> ipa: ERROR: Local error: SASL(-1): generic failure: GSSAPI Error:
> Unspecified GSS failure.  Minor code may provide more information
> (Ticket not yet valid)
> [root at ds01 ~]#

Please check if there are some old tickets which might bestill used by
apache. Run

find /tmp/systemd-namespace-* -name krb5cc_48

(assuming your apache user has uid 48), delete the files listed here and
try ipa user-find again.

HTH

bye,
Sumit

> 
> 
> Has something changes from 6.2 to 6.3 that would cause this by any chance?
> 
> thanks
> 
> Dale
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iQIcBAEBAgAGBQJP63x5AAoJEAJsWS61tB+qQfAQAI8uUnPqculxBQvFI8vvCeXF
> 9rH59lAuhXw6a4lo9Fs+oSwYC0+s78ONRfp9SxhdLFQ1P1lEUffNq5EpO76RQlBT
> IbT0+UOZwmLzZPOFCPhB/CFhVnnM27yNSp0QzskP/hjkkapJt5T1bszd7b/LTbXp
> F/Y3RnzXsW7iR7ccAPdj8iEAQOO2lBDYfMx35xuE6LQmvpjcvK1kltuFQWnHRTqf
> pHKnZHcsUw53WbqpGmBQElBzQ4hCdsXAEuMaxj87FmHgubIo4Tv/886260yIrWpr
> IHzUfrvTwhC1hMNeeXPhaFIUb0PGJLPkaOOLMKwFSdXMYTlpU4ZZma9Qo2XuMXEY
> BmJO3ae8vU7i4SdkJP9qq5HpYMyo31PtPN+axjc7f8rXNX7GUrCLe3gekanCimH4
> xzAC0bPTPRPH5GOPbSxw60KrGBXr3Ed0LyTpu2Ajg9h6AgJOKzEcezMnGNHyp6sv
> DXPL/AU1LWioiOR6kQ7ZqHuziSCj6vIRAEybljCwo8hKXeKcrTkExtCQgtCAVH9x
> cZlFT9vc5Hz4W2v4O2YCUPiZTQb1Ua+diq3RtzTb3oICZ/AxKfwJ7CsS5yZhOxRU
> kt0hbkkyDstO8M9zS0tvyKtXIMdIwAtthesOkQO2YGUsFBxQI0juPYlfWKY0/mKU
> tyCxmUcN3SEpKF2UTRFj
> =bxPG
> -----END PGP SIGNATURE-----
> 

> pub  4096R/B5B41FAA 2010-11-27 Dale Macartney <dbmacartney at gmail.com>
> uid                            Dale Macartney <dale.macartney at bskyb.com>
> uid                            Dale Macartney <dale at themacartneyclan.com>
> sub  4096R/CF50A682 2010-11-27 [verfällt: 2012-11-26]


> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users




More information about the Freeipa-users mailing list