[Freeipa-users] Permission Denied

Simo Sorce simo at redhat.com
Thu Sep 12 13:09:06 UTC 2013


On Wed, 2013-09-11 at 19:49 -0500, Dean Hunter wrote:
> On Wed, 2013-09-11 at 11:49 -0400, Simo Sorce wrote: 
> > On Wed, 2013-09-11 at 10:39 -0500, Dean Hunter wrote:
> > > On Wed, 2013-09-11 at 11:20 -0400, Simo Sorce wrote: 
> > > > On Wed, 2013-09-11 at 08:39 -0500, Dean Hunter wrote:
> > > > 
> > > > > I do NOT believe this:
> > > > >         [dean@ipa2 ~]$ ssh dean@desktop2
> > > > >         Last login: Wed Sep 11 08:32:21 2013 from ipa2.hunter.org
> > > > >         Could not chdir to home directory /home/net/dean: Permission denied
> > > > >         -bash: /home/net/dean/.bash_profile: Permission denied
> > > > >         
> > > > >         -bash-4.2$ logout
> > > > >         -bash: /home/net/dean/.bash_logout: Permission denied
> > > > >         Connection to desktop2 closed.
> > > > >         
> > > > >         [dean@ipa2 ~]$ su -
> > > > >         Password: 
> > > > >         
> > > > >         [root@ipa2 ~]# ssh dean@desktop2
> > > > >         dean@desktop2's password: 
> > > > >         Last login: Wed Sep 11 08:34:29 2013 from ipa2.hunter.org
> > > > >         
> > > > >         [dean@desktop2 ~]$ logout
> > > > >         Connection to desktop2 closed.
> > > > >         
> > > > >         [root@ipa2 ~]# logout
> > > > >         
> > > > >         [dean@ipa2 ~]$ ssh dean@desktop2
> > > > >         Last login: Wed Sep 11 08:35:16 2013 from ipa2.hunter.org
> > > > >         
> > > > >         [dean@desktop2 ~]$ 
> > > > > 
> > > > 
> > > > Are you using a kerberized NFS mount ?
> > > > 
> > > > I think what is happening is that when going via SSH rpc.gssd cannot
> > > > find your ticket, ssh may be doing something "wrong" in this case.
> > > > 
> > > > Simo.
> > > > 
> > > Yes, I am using Kerberos with NFS.
> > > 
> > > Should I report this as a bug?
> > > 
> > We need to decide what component is faulty. It may be possible we can
> > get it working somehow.
> > 
> > When you ssh in, what ccache does ssh assign you?
> > Can you run klist and post the output (sanitize it if needed)?
> > 
> > Simo.
> > 
> I hope this is what you requested:

Yes it is, but I also need to see what you get in the successful ssh
case; klist is all I need to see, no other output.

Also does it work all the time if you use the command

ssh -K dean@desktop2 ?


>         [dean@ipa2 ~]$ klist
>         Ticket cache: DIR::/run/user/1387400001/krb5cc/tktFDDxRR
>         Default principal: dean@HUNTER.ORG
>         
>         Valid starting     Expires            Service principal
>         09/11/13 19:43:28  09/12/13 19:43:28  krbtgt/HUNTER.ORG@HUNTER.ORG
>         
>         [dean@ipa2 ~]$ ssh dean@desktop2
>         Last login: Wed Sep 11 19:41:48 2013 from ipa2.hunter.org
>         Could not chdir to home directory /home/net/dean: Permission denied
>         -bash: /home/net/dean/.bash_profile: Permission denied
>         
>         -bash-4.2$ hostname
>         desktop2.hunter.org
>         
>         -bash-4.2$ klist
>         klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_1387400001)
>         
>         -bash-4.2$ logout
>         -bash: /home/net/dean/.bash_logout: Permission denied
>         Connection to desktop2 closed.
>         
>         [dean@ipa2 ~]$ klist
>         Ticket cache: DIR::/run/user/1387400001/krb5cc/tktFDDxRR
>         Default principal: dean@HUNTER.ORG
>         
>         Valid starting     Expires            Service principal
>         09/11/13 19:43:28  09/12/13 19:43:28  krbtgt/HUNTER.ORG@HUNTER.ORG
>         09/11/13 19:44:43  09/12/13 19:43:28  host/desktop2.hunter.org@HUNTER.ORG
>         
>         [dean@ipa2 ~]$ 
>         


-- 
Simo Sorce * Red Hat, Inc * New York
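
The klist check requested in this message, as an added example (not part of the original post and not FreeIPA code): a shell function that classifies `klist` output from a login session, separating the failing case quoted above (no credentials cache at the session's default `FILE:` location) from a session that holds a TGT. The function names, uid, user and realm in the samples are constructed for illustration.

```shell
#!/bin/sh
# Classify `klist` output (stdin) from a login session: is there a usable
# ticket cache? Prints "<state> <cache>" where state is one of:
#   no-ccache  klist found no credentials cache
#   tgt        a cache exists and holds a krbtgt/ ticket
#   no-tgt     a cache exists but holds no krbtgt/ ticket
#   unknown    input did not look like klist output
classify_klist() {
    awk '
        /No credentials cache found/ { state = "no-ccache" }
        # Cache name may be on the same line or wrapped onto the next one.
        cache == "" && match($0, /(FILE|DIR|KEYRING|KCM|MEMORY|API):[^ )]+/) {
            cache = substr($0, RSTART, RLENGTH)
        }
        /^Ticket cache:/ && state == "" { state = "no-tgt" }
        /krbtgt\// && state != "no-ccache" { state = "tgt" }
        END {
            if (state == "") state = "unknown"
            if (cache == "") cache = "-"
            print state, cache
        }
    '
}

# Constructed sample: session where nothing was delegated (hypothetical uid).
sample_failed_login() {
    cat <<'EOF'
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_1000)
EOF
}

# Constructed sample: session that holds a TGT (hypothetical user and realm).
sample_working_login() {
    cat <<'EOF'
Ticket cache: DIR::/run/user/1000/krb5cc/tktEXAMPLE
Default principal: alice@EXAMPLE.ORG

Valid starting     Expires            Service principal
09/11/13 19:43:28  09/12/13 19:43:28  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
EOF
}

sample_failed_login  | classify_klist   # no-ccache FILE:/tmp/krb5cc_1000
sample_working_login | classify_klist   # tgt DIR::/run/user/1000/krb5cc/tktEXAMPLE
```

Inside a real ssh session the equivalent call is `klist 2>&1 | classify_klist`, run once after a plain `ssh` login and once after `ssh -K`.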



