[Freeipa-users] Permission Denied
Simo Sorce
simo at redhat.com
Wed Sep 11 19:25:20 UTC 2013
On Wed, 2013-09-11 at 12:08 -0400, Dmitri Pal wrote:
> On 09/11/2013 11:49 AM, Simo Sorce wrote:
> > On Wed, 2013-09-11 at 10:39 -0500, Dean Hunter wrote:
> >> On Wed, 2013-09-11 at 11:20 -0400, Simo Sorce wrote:
> >>> On Wed, 2013-09-11 at 08:39 -0500, Dean Hunter wrote:
> >>>
> >>>> I do NOT believe this:
> >>>> [dean at ipa2 ~]$ ssh dean at desktop2
> >>>> Last login: Wed Sep 11 08:32:21 2013 from ipa2.hunter.org
> >>>> Could not chdir to home directory /home/net/dean: Permission
> >>>> denied
> >>>> -bash: /home/net/dean/.bash_profile: Permission denied
> >>>>
> >>>> -bash-4.2$ logout
> >>>> -bash: /home/net/dean/.bash_logout: Permission denied
> >>>> Connection to desktop2 closed.
> >>>>
> >>>> [dean at ipa2 ~]$ su -
> >>>> Password:
> >>>>
> >>>> [root at ipa2 ~]# ssh dean at desktop2
> >>>> dean at desktop2's password:
> >>>> Last login: Wed Sep 11 08:34:29 2013 from ipa2.hunter.org
> >>>>
> >>>> [dean at desktop2 ~]$ logout
> >>>> Connection to desktop2 closed.
> >>>>
> >>>> [root at ipa2 ~]# logout
> >>>>
> >>>> [dean at ipa2 ~]$ ssh dean at desktop2
> >>>> Last login: Wed Sep 11 08:35:16 2013 from ipa2.hunter.org
> >>>>
> >>>> [dean at desktop2 ~]$
> >>>>
> >>> Are you using a kerberized NFS mount ?
> >>>
> >>> I think what is happening is that when going via SSH rpc.gssd cannot
> >>> find your ticket, ssh may be doing something "wrong" in this case.
> >>>
> >>> Simo.
> >>>
> >> Yes, I am using Kerberos with NFS.
> >>
> >> Should I report this as a bug?
> >>
> > We need to decide what component is faulty. It may be possible we can
> > get it working somehow.
> >
> > When you ssh in what is the ccache ssh assign you ?
> > can you run klist and post the output (sanitize it if needed) ?
> >
> > Simo.
> >
>
> Simo,
>
> Would setting KRBCCACHE explicitly on the client help?
It depends, it would not help if you used GSSAPI SSO auth but did *not*
delegate your credentials for example, as you have no credentials on the
target system in that case.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list