[Freeipa-users] Permission Denied

Simo Sorce simo at redhat.com
Wed Sep 11 19:25:20 UTC 2013 

On Wed, 2013-09-11 at 12:08 -0400, Dmitri Pal wrote:
> On 09/11/2013 11:49 AM, Simo Sorce wrote:
> > On Wed, 2013-09-11 at 10:39 -0500, Dean Hunter wrote:
> >> On Wed, 2013-09-11 at 11:20 -0400, Simo Sorce wrote: 
> >>> On Wed, 2013-09-11 at 08:39 -0500, Dean Hunter wrote:
> >>>
> >>>> I do NOT believe this:
> >>>>         [dean at ipa2 ~]$ ssh dean at desktop2
> >>>>         Last login: Wed Sep 11 08:32:21 2013 from ipa2.hunter.org
> >>>>         Could not chdir to home directory /home/net/dean: Permission
> >>>>         denied
> >>>>         -bash: /home/net/dean/.bash_profile: Permission denied
> >>>>         
> >>>>         -bash-4.2$ logout
> >>>>         -bash: /home/net/dean/.bash_logout: Permission denied
> >>>>         Connection to desktop2 closed.
> >>>>         
> >>>>         [dean at ipa2 ~]$ su -
> >>>>         Password: 
> >>>>         
> >>>>         [root at ipa2 ~]# ssh dean at desktop2
> >>>>         dean at desktop2's password: 
> >>>>         Last login: Wed Sep 11 08:34:29 2013 from ipa2.hunter.org
> >>>>         
> >>>>         [dean at desktop2 ~]$ logout
> >>>>         Connection to desktop2 closed.
> >>>>         
> >>>>         [root at ipa2 ~]# logout
> >>>>         
> >>>>         [dean at ipa2 ~]$ ssh dean at desktop2
> >>>>         Last login: Wed Sep 11 08:35:16 2013 from ipa2.hunter.org
> >>>>         
> >>>>         [dean at desktop2 ~]$ 
> >>>>
> >>> Are you using a kerberized NFS mount ?
> >>>
> >>> I think what is happening is that when going via SSH rpc.gssd cannot
> >>> find your ticket, ssh may be doing something "wrong" in this case.
> >>>
> >>> Simo.
> >>>
> >> Yes, I am using Kerberos with NFS.
> >>
> >> Should I report this as a bug?
> >>
> > We need to decide what component is faulty. It may be possible we can
> > get it working somehow.
> >
> > When you ssh in what is the ccache ssh assign you ?
> > can you run klist and post the output (sanitize it if needed) ?
> >
> > Simo.
> >
> 
> Simo,
> 
> Would setting KRBCCACHE explicitly on the client help?

It depends, it would not help if you used GSSAPI SSO auth but did *not*
delegate your credentials for example, as you have no credentials on the
target system in that case.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

More information about the Freeipa-users mailing list