[Freeipa-users] ipa: ERROR: did not receive Kerberos credentials
Rashard.Kelly at sita.aero
Rashard.Kelly at sita.aero
Fri Apr 11 12:56:37 UTC 2014
Thanks for the command!
[rkelly at liipaxs007p ~]$ strace -o /tmp/klist.out -s 512 klist
klist: Credentials cache permissions incorrect while setting cache flags
(ticket cache FILE:/tmp/krb5cc_1599100000_CUkupo)
[rkelly at liipaxs007p ~]$ cat klist.out
execve("/usr/bin/klist", ["klist"], [/* 25 vars */]) = 0
brk(0) = 0x7f0e2e93a000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f0e2e64c000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=33362, ...}) = 0
mmap(NULL, 33362, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f0e2e643000
close(3) = 0
open("/lib64/libkrb5.so.3", O_RDONLY) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\264\201\2426\0\0\0@\0\0\0\0\0\0\0\210b\16\0\0\0\0\0\0\0\0\0@\0008\0\7\0@\0\37\0\36\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\200\2426\0\0\0\0\0\200\2426\0\0\0d\240\r\0\0\0\0\0d\240\r\0\0\0\0\0\0\0
\0\0\0\0\0\1\0\0\0\6\0\0\0X\252\r\0\0\0\0\0X\252\255\2426\0\0\0X\252\255\2426\0\0\0\360\254\0\0\0\0\0\0H\260\0\0\0\0\0\0\0\0
\0\0\0\0\0\2\0\0\0\6\0\0\0`:\16\0\0\0\0\0`:\256\2426\0\0\0`:\256\2426\0\0\0\0\2\0\0\0\0\0\0\0\2\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\310\1\0\0\0\0\0\0\310\1\200\2426\0\0\0\310\1\200\2426\0\0\0$\0\0\0\0\0\0\0$\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0P\345td\4\0\0\0\340d\f\0\0\0\0\0\340d\214\2426\0\0\0\340d\214\2426\0\0\0$1\0\0\0\0\0\0$1\0\0\0\0\0\0\4\0\0\0\0\0\0\0Q\345td\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\0\0\0\0R\345td\4\0\0\0X\252\r\0\0\0\0\0X\252\255\2426\0\0\0X\252\255\2426\0\0\0\250\225\0\0\0\0\0\0\250\225\0\0\0\0\0\0\1\0\0\0\0\0\0\0\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\225\353\267L,\n\36\27\0244 at 6\24Z\0029\377\244\211-\0\0\0\0\t\2\0\0\350\0\0\0@\0\0\0\f\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=944712, ...}) = 0
mmap(NULL, 3037856, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x7f0e2e148000
mprotect(0x7f0e2e223000, 2093056, PROT_NONE) = 0
mmap(0x7f0e2e422000, 49152, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xda000) = 0x7f0e2e422000
close(3) = 0
open("/lib64/libk5crypto.so.3", O_RDONLY) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320C\300(7\0\0\0@\0\0\0\0\0\0\0\260\255\2\0\0\0\0\0\0\0\0\0@\0008\0\7\0@\0\37\0\36\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\300(7\0\0\0\0\0\300(7\0\0\0\324\206\2\0\0\0\0\0\324\206\2\0\0\0\0\0\0\0
\0\0\0\0\0\1\0\0\0\6\0\0\0@\221\2\0\0\0\0\0@\221\342(7\0\0\0@\221\342(7\0\0\0\230\21\0\0\0\0\0\0h
\0\0\0\0\0\0\0\0
\0\0\0\0\0\2\0\0\0\6\0\0\0H\235\2\0\0\0\0\0H\235\342(7\0\0\0H\235\342(7\0\0\0\340\1\0\0\0\0\0\0\340\1\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\310\1\0\0\0\0\0\0\310\1\300(7\0\0\0\310\1\300(7\0\0\0$\0\0\0\0\0\0\0$\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0P\345td\4\0\0\0\334W\2\0\0\0\0\0\334W\302(7\0\0\0\334W\302(7\0\0\0\274\6\0\0\0\0\0\0\274\6\0\0\0\0\0\0\4\0\0\0\0\0\0\0Q\345td\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\0\0\0\0R\345td\4\0\0\0@\221\2\0\0\0\0\0@\221\342(7\0\0\0@\221\342(7\0\0\0\300\16\0\0\0\0\0\0\300\16\0\0\0\0\0\0\1\0\0\0\0\0\0\0\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\320.}1I\225\1\30\0\232\201\231t4\342\213}\236\311\262\0\0\0\0a\0\0\0-\0\0\0\20\0\0\0\n\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=177520, ...}) = 0
mmap(NULL, 2273704, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x7f0e2df1c000
mprotect(0x7f0e2df45000, 2097152, PROT_NONE) = 0
mmap(0x7f0e2e145000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x29000) = 0x7f0e2e145000
mmap(0x7f0e2e147000, 424, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f0e2e147000
close(3) = 0
open("/lib64/libcom_err.so.2", O_RDONLY) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\23\0\2436\0\0\0@\0\0\0\0\0\0\0\250;\0\0\0\0\0\0\0\0\0\0@\0008\0\10\0@\0\37\0\36\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2436\0\0\0\0\0\0\2436\0\0\0\214$\0\0\0\0\0\0\214$\0\0\0\0\0\0\0\0
\0\0\0\0\0\1\0\0\0\6\0\0\0\254-\0\0\0\0\0\0\254- \2436\0\0\0\254-
\2436\0\0\0\214\3\0\0\0\0\0\0\4\4\0\0\0\0\0\0\0\0
\0\0\0\0\0\2\0\0\0\6\0\0\0\360-\0\0\0\0\0\0\360- \2436\0\0\0\360-
\2436\0\0\0\260\1\0\0\0\0\0\0\260\1\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0\2\0\0\0\0\0\0\0\2\0\2436\0\0\0\0\2\0\2436\0\0\0$\0\0\0\0\0\0\0$\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0\7\0\0\0\4\0\0\0\254-\0\0\0\0\0\0\254-
\2436\0\0\0\254-
\2436\0\0\0\0\0\0\0\0\0\0\0\31\0\0\0\0\0\0\0\1\0\0\0\0\0\0\0P\345td\4\0\0\0\304
\0\0\0\0\0\0\304 \0\2436\0\0\0\304
\0\2436\0\0\0\254\0\0\0\0\0\0\0\254\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0Q\345td\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\0\0\0\0R\345td\4\0\0\0\254-\0\0\0\0\0\0\254-
\2436\0\0\0\254-
\2436\0\0\0T\2\0\0\0\0\0\0T\2\0\0\0\0\0\0\1\0\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=17256, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f0e2e642000
mmap(NULL, 2109872, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x7f0e2dd18000
mprotect(0x7f0e2dd1b000, 2093056, PROT_NONE) = 0
mmap(0x7f0e2df1a000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f0e2df1a000
close(3) = 0
open("/lib64/libkrb5support.so.0", O_RDONLY) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@*@(7\0\0\0@\0\0\0\0\0\0\0`\255\0\0\0\0\0\0\0\0\0\0@\0008\0\7\0@\0\37\0\36\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0@(7\0\0\0\0\0@(7\0\0\0\f\233\0\0\0\0\0\0\f\233\0\0\0\0\0\0\0\0
\0\0\0\0\0\1\0\0\0\6\0\0\0\360\234\0\0\0\0\0\0\360\234`(7\0\0\0\360\234`(7\0\0\0\300\5\0\0\0\0\0\0`\7\0\0\0\0\0\0\0\0
\0\0\0\0\0\2\0\0\0\6\0\0\0P\235\0\0\0\0\0\0P\235`(7\0\0\0P\235`(7\0\0\0\360\1\0\0\0\0\0\0\360\1\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\310\1\0\0\0\0\0\0\310\1@(7\0\0\0\310\1@(7\0\0\0$\0\0\0\0\0\0\0$\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0P\345td\4\0\0\0\354\206\0\0\0\0\0\0\354\206@(7\0\0\0\354\206@(7\0\0\0D\3\0\0\0\0\0\0D\3\0\0\0\0\0\0\4\0\0\0\0\0\0\0Q\345td\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\0\0\0\0R\345td\4\0\0\0\360\234\0\0\0\0\0\0\360\234`(7\0\0\0\360\234`(7\0\0\0\20\3\0\0\0\0\0\0\20\3\0\0\0\0\0\0\1\0\0\0\0\0\0\0\4\0\0\0\24\0\0\0\3\0\0\0GNU\0Z\374\276\240\326.\3403W\24\314\272\267\272\200\216*\26\2\214\0\0\0\0%\0\0\0J\0\0\0\10\0\0\0\t\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=46368, ...}) = 0
mmap(NULL, 2139216, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x7f0e2db0d000
mprotect(0x7f0e2db17000, 2093056, PROT_NONE) = 0
mmap(0x7f0e2dd16000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9000) = 0x7f0e2dd16000
close(3) = 0
open("/lib64/libkeyutils.so.1", O_RDONLY) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\v\0(7\0\0\0@\0\0\0\0\0\0\0\360)\0\0\0\0\0\0\0\0\0\0@\0008\0\7\0@\0\35\0\34\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0(7\0\0\0\0\0\0(7\0\0\0l\25\0\0\0\0\0\0l\25\0\0\0\0\0\0\0\0
\0\0\0\0\0\1\0\0\0\6\0\0\0\340\35\0\0\0\0\0\0\340\35 (7\0\0\0\340\35
(7\0\0\0`\2\0\0\0\0\0\0p\2\0\0\0\0\0\0\0\0
\0\0\0\0\0\2\0\0\0\6\0\0\0\20\36\0\0\0\0\0\0\20\36 (7\0\0\0\20\36
(7\0\0\0\300\1\0\0\0\0\0\0\300\1\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\310\1\0\0\0\0\0\0\310\1\0(7\0\0\0\310\1\0(7\0\0\0$\0\0\0\0\0\0\0$\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0P\345td\4\0\0\0\350\21\0\0\0\0\0\0\350\21\0(7\0\0\0\350\21\0(7\0\0\0\324\0\0\0\0\0\0\0\324\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0Q\345td\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\0\0\0\0R\345td\4\0\0\0\340\35\0\0\0\0\0\0\340\35
(7\0\0\0\340\35 (7\0\0\0 \2\0\0\0\0\0\0
\2\0\0\0\0\0\0\1\0\0\0\0\0\0\0\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\212\2074\33470]\214\302\357\217\214>^\2401q\333\7\354\0\0\0\0\21\0\0\0\10\0\0\0\4\0\0\0\10\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=12592, ...}) = 0
mmap(NULL, 2105424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x7f0e2d90a000
mprotect(0x7f0e2d90c000, 2093056, PROT_NONE) = 0
mmap(0x7f0e2db0b000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7f0e2db0b000
close(3) = 0
open("/lib64/libresolv.so.2", O_RDONLY) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\00009\0%7\0\0\0@\0\0\0\0\0\0\0\340\263\1\0\0\0\0\0\0\0\0\0@\0008\0\t\0@\0%\0$\0\6\0\0\0\5\0\0\0@\0\0\0\0\0\0\0@\0\0%7\0\0\0@\0\0%7\0\0\0\370\1\0\0\0\0\0\0\370\1\0\0\0\0\0\0\10\0\0\0\0\0\0\0\3\0\0\0\4\0\0\0\2607\1\0\0\0\0\0\2607\1%7\0\0\0\2607\1%7\0\0\0\34\0\0\0\0\0\0\0\34\0\0\0\0\0\0\0\20\0\0\0\0\0\0\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0%7\0\0\0\0\0\0%7\0\0\0$Y\1\0\0\0\0\0$Y\1\0\0\0\0\0\0\0
\0\0\0\0\0\1\0\0\0\6\0\0\0\300d\1\0\0\0\0\0\300d!%7\0\0\0\300d!%7\0\0\0\240\r\0\0\0\0\0\0\3105\0\0\0\0\0\0\0\0
\0\0\0\0\0\2\0\0\0\6\0\0\0\350m\1\0\0\0\0\0\350m!%7\0\0\0\350m!%7\0\0\0\300\1\0\0\0\0\0\0\300\1\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0008\2\0\0\0\0\0\0008\2\0%7\0\0\0008\2\0%7\0\0\0D\0\0\0\0\0\0\0D\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0P\345td\4\0\0\0\3147\1\0\0\0\0\0\3147\1%7\0\0\0\3147\1%7\0\0\0\254\3\0\0\0\0\0\0\254\3\0\0\0\0\0\0\4\0\0\0\0\0\0\0Q\345td\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=113952, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f0e2e641000
mmap(NULL, 2202248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x7f0e2d6f0000
mprotect(0x7f0e2d706000, 2097152, PROT_NONE) = 0
mmap(0x7f0e2d906000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f0e2d906000
mmap(0x7f0e2d908000, 6792, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f0e2d908000
close(3) = 0
open("/lib64/libselinux.so.1", O_RDONLY) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0PX@$7\0\0\0@\0\0\0\0\0\0\0\20\337\1\0\0\0\0\0\0\0\0\0@\0008\0\10\0@\0\37\0\36\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0@$7\0\0\0\0\0@$7\0\0\0\274\306\1\0\0\0\0\0\274\306\1\0\0\0\0\0\0\0
\0\0\0\0\0\1\0\0\0\6\0\0\0\20\315\1\0\0\0\0\0\20\315a$7\0\0\0\20\315a$7\0\0\0\224\7\0\0\0\0\0\0H\32\0\0\0\0\0\0\0\0
\0\0\0\0\0\2\0\0\0\6\0\0\0\240\315\1\0\0\0\0\0\240\315a$7\0\0\0\240\315a$7\0\0\0\260\1\0\0\0\0\0\0\260\1\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0\2\0\0\0\0\0\0\0\2@$7\0\0\0\0\2@$7\0\0\0$\0\0\0\0\0\0\0$\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0\7\0\0\0\4\0\0\0\20\315\1\0\0\0\0\0\20\315a$7\0\0\0\20\315a$7\0\0\0\0\0\0\0\0\0\0\0\241\0\0\0\0\0\0\0\10\0\0\0\0\0\0\0P\345td\4\0\0\0\324\217\1\0\0\0\0\0\324\217A$7\0\0\0\324\217A$7\0\0\0\274\10\0\0\0\0\0\0\274\10\0\0\0\0\0\0\4\0\0\0\0\0\0\0Q\345td\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\0\0\0\0R\345td\4\0\0\0\20\315\1\0\0\0\0\0\20\315a$7\0\0\0\20\315a$7\0\0\0\360\2\0\0\0\0\0\0\360\2\0\0\0\0\0\0\1\0\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=124624, ...}) = 0
mmap(NULL, 2221912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x7f0e2d4d1000
mprotect(0x7f0e2d4ee000, 2093056, PROT_NONE) = 0
mmap(0x7f0e2d6ed000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c000) = 0x7f0e2d6ed000
mmap(0x7f0e2d6ef000, 1880, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f0e2d6ef000
close(3) = 0
open("/lib64/libdl.so.2", O_RDONLY) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\200\"7\0\0\0@\0\0\0\0\0\0\0\310N\0\0\0\0\0\0\0\0\0\0@\0008\0\t\0@\0%\0$\0\6\0\0\0\5\0\0\0@\0\0\0\0\0\0\0@\0\200\"7\0\0\0@\0\200\"7\0\0\0\370\1\0\0\0\0\0\0\370\1\0\0\0\0\0\0\10\0\0\0\0\0\0\0\3\0\0\0\4\0\0\0P\32\0\0\0\0\0\0P\32\200\"7\0\0\0P\32\200\"7\0\0\0\34\0\0\0\0\0\0\0\34\0\0\0\0\0\0\0\20\0\0\0\0\0\0\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\200\"7\0\0\0\0\0\200\"7\0\0\0\360\37\0\0\0\0\0\0\360\37\0\0\0\0\0\0\0\0
\0\0\0\0\0\1\0\0\0\6\0\0\0`-\0\0\0\0\0\0`-\240\"7\0\0\0`-\240\"7\0\0\0\30\3\0\0\0\0\0\0\240\3\0\0\0\0\0\0\0\0
\0\0\0\0\0\2\0\0\0\6\0\0\0\240-\0\0\0\0\0\0\240-\240\"7\0\0\0\240-\240\"7\0\0\0\360\1\0\0\0\0\0\0\360\1\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0008\2\0\0\0\0\0\0008\2\200\"7\0\0\0008\2\200\"7\0\0\0D\0\0\0\0\0\0\0D\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0P\345td\4\0\0\0l\32\0\0\0\0\0\0l\32\200\"7\0\0\0l\32\200\"7\0\0\0\264\0\0\0\0\0\0\0\264\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0Q\345td\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=22536, ...}) = 0
mmap(NULL, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x7f0e2d2cd000
mprotect(0x7f0e2d2cf000, 2097152, PROT_NONE) = 0
mmap(0x7f0e2d4cf000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f0e2d4cf000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3,
"\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\356\301\"7\0\0\0@\0\0\0\0\0\0\0PS\35\0\0\0\0\0\0\0\0\0@\0008\0\n\0@\0M\0L\0\6\0\0\0\5\0\0\0@\0\0\0\0\0\0\0@\0\300\"7\0\0\0@\0\300\"7\0\0\0000\2\0\0\0\0\0\0000\2\0\0\0\0\0\0\10\0\0\0\0\0\0\0\3\0\0\0\4\0\0\0
\251\25\0\0\0\0\0 \251\325\"7\0\0\0
\251\325\"7\0\0\0\34\0\0\0\0\0\0\0\34\0\0\0\0\0\0\0\20\0\0\0\0\0\0\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\300\"7\0\0\0\0\0\300\"7\0\0\0\324\240\30\0\0\0\0\0\324\240\30\0\0\0\0\0\0\0
\0\0\0\0\0\1\0\0\0\6\0\0\0\0\247\30\0\0\0\0\0\0\247\370\"7\0\0\0\0\247\370\"7\0\0\0\230F\0\0\0\0\0\0\10\222\0\0\0\0\0\0\0\0
\0\0\0\0\0\2\0\0\0\6\0\0\0@\333\30\0\0\0\0\0@\333\370\"7\0\0\0@\333\370\"7\0\0\0\360\1\0\0\0\0\0\0\360\1\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0p\2\0\0\0\0\0\0p\2\300\"7\0\0\0p\2\300\"7\0\0\0D\0\0\0\0\0\0\0D\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0\7\0\0\0\4\0\0\0\0\247\30\0\0\0\0\0\0\247\370\"7\0\0\0\0\247\370\"7\0\0\0\20\0\0\0\0\0\0\0h\0\0\0\0\0\0\0\10\0\0\0\0\0\0\0P\345td\4\0\0\0<\251\25\0\0\0\0\0<\251\325\"7\0\0\0<\251\325\"7\0\0\0$f\0\0\0\0\0\0$f\0\0\0\0\0\0\4\0\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1926800, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f0e2e640000
mmap(NULL, 3750152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x7f0e2cf39000
mprotect(0x7f0e2d0c4000, 2093056, PROT_NONE) = 0
mmap(0x7f0e2d2c3000, 20480, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18a000) = 0x7f0e2d2c3000
mmap(0x7f0e2d2c8000, 18696, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f0e2d2c8000
close(3) = 0
open("/lib64/libpthread.so.0", O_RDONLY) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340]@\2436\0\0\0@\0\0\0\0\0\0\0\250/\2\0\0\0\0\0\0\0\0\0@\0008\0\t\0@\0)\0(\0\6\0\0\0\5\0\0\0@\0\0\0\0\0\0\0@\0@\2436\0\0\0@\0@\2436\0\0\0\370\1\0\0\0\0\0\0\370\1\0\0\0\0\0\0\10\0\0\0\0\0\0\0\3\0\0\0\4\0\0\0000\30\1\0\0\0\0\0000\30A\2436\0\0\0000\30A\2436\0\0\0\34\0\0\0\0\0\0\0\34\0\0\0\0\0\0\0\20\0\0\0\0\0\0\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0@\2436\0\0\0\0\0@\2436\0\0\0\360m\1\0\0\0\0\0\360m\1\0\0\0\0\0\0\0
\0\0\0\0\0\1\0\0\0\6\0\0\0\220{\1\0\0\0\0\0\220{a\2436\0\0\0\220{a\2436\0\0\0\340\6\0\0\0\0\0\0`H\0\0\0\0\0\0\0\0
\0\0\0\0\0\2\0\0\0\6\0\0\0\220}\1\0\0\0\0\0\220}a\2436\0\0\0\220}a\2436\0\0\0\360\1\0\0\0\0\0\0\360\1\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0008\2\0\0\0\0\0\0008\2@\2436\0\0\0008\2@\2436\0\0\0D\0\0\0\0\0\0\0D\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0P\345td\4\0\0\0L\30\1\0\0\0\0\0L\30A\2436\0\0\0L\30A\2436\0\0\0\\\n\0\0\0\0\0\0\\\n\0\0\0\0\0\0\4\0\0\0\0\0\0\0Q\345td\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=145896, ...}) = 0
mmap(NULL, 2212848, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x7f0e2cd1c000
mprotect(0x7f0e2cd33000, 2097152, PROT_NONE) = 0
mmap(0x7f0e2cf33000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f0e2cf33000
mmap(0x7f0e2cf35000, 13296, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f0e2cf35000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f0e2e63f000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f0e2e63d000
arch_prctl(ARCH_SET_FS, 0x7f0e2e63d7c0) = 0
mprotect(0x7f0e2cf33000, 4096, PROT_READ) = 0
mprotect(0x7f0e2d2c3000, 16384, PROT_READ) = 0
mprotect(0x7f0e2d4cf000, 4096, PROT_READ) = 0
mprotect(0x7f0e2d6ed000, 4096, PROT_READ) = 0
mprotect(0x7f0e2d906000, 4096, PROT_READ) = 0
mprotect(0x7f0e2db0b000, 4096, PROT_READ) = 0
mprotect(0x7f0e2dd16000, 4096, PROT_READ) = 0
mprotect(0x7f0e2df1a000, 4096, PROT_READ) = 0
mprotect(0x7f0e2e145000, 4096, PROT_READ) = 0
mprotect(0x7f0e2e422000, 40960, PROT_READ) = 0
mprotect(0x7f0e2e855000, 4096, PROT_READ) = 0
mprotect(0x7f0e2e64d000, 4096, PROT_READ) = 0
munmap(0x7f0e2e643000, 33362) = 0
set_tid_address(0x7f0e2e63da90) = 21876
set_robust_list(0x7f0e2e63daa0, 0x18) = 0
futex(0x7fffd260e7cc, FUTEX_WAKE_PRIVATE, 1) = 0
futex(0x7fffd260e7cc, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1,
NULL, 7f0e2e63d7c0) = -1 EAGAIN (Resource temporarily unavailable)
rt_sigaction(SIGRTMIN, {0x7f0e2cd21c60, [], SA_RESTORER|SA_SIGINFO,
0x7f0e2cd2b710}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x7f0e2cd21cf0, [],
SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f0e2cd2b710}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM_INFINITY}) = 0
statfs("/selinux", {f_type="EXT2_SUPER_MAGIC", f_bsize=4096,
f_blocks=2967348, f_bfree=2276402, f_bavail=2125670, f_files=753664,
f_ffree=693049, f_fsid={-1461466328, -1363287150}, f_namelen=255,
f_frsize=4096}) = 0
brk(0) = 0x7f0e2e93a000
brk(0x7f0e2e95b000) = 0x7f0e2e95b000
open("/proc/filesystems", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f0e2e64b000
read(3,
"nodev\tsysfs\nnodev\trootfs\nnodev\tbdev\nnodev\tproc\nnodev\tcgroup\nnodev\tcpuset\nnodev\ttmpfs\nnodev\tdevtmpfs\nnodev\tbinfmt_misc\nnodev\tdebugfs\nnodev\tsecurityfs\nnodev\tsockfs\nnodev\tusbfs\nnodev\tpipefs\nnodev\tanon_inodefs\nnodev\tinotifyfs\nnodev\tdevpts\nnodev\tramfs\nnodev\thugetlbfs\n\tiso9660\nnodev\tpstore\nnodev\tmqueue\n\text4\n\text3\nnodev\tautofs\n",
1024) = 323
read(3, "", 1024) = 0
close(3) = 0
munmap(0x7f0e2e64b000, 4096) = 0
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=99158576, ...}) = 0
mmap(NULL, 99158576, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f0e26e8b000
close(3) = 0
open("/etc/localtime", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f0e2e64b000
read(3,
"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\4\0\0\0\0\0\0UTC\0\0\0TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\4\0\0\0\0\0\0UTC\0\0\0\nUTC0\n",
4096) = 118
lseek(3, -62, SEEK_CUR) = 56
read(3,
"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\4\0\0\0\0\0\0UTC\0\0\0\nUTC0\n",
4096) = 62
close(3) = 0
munmap(0x7f0e2e64b000, 4096) = 0
futex(0x7f0e2dd17308, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f0e2dd17290, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f0e2e42d2c0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f0e2e42d730, FUTEX_WAKE_PRIVATE, 2147483647) = 0
stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=742, ...}) = 0
open("/etc/krb5.conf", O_RDONLY) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=742, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f0e2e64b000
read(3, "includedir /var/lib/sss/pubconf/krb5.include.d/\n\n[logging]\n
default = FILE:/var/log/krb5libs.log\n kdc = FILE:/var/log/krb5kdc.log\n
admin_server = FILE:/var/log/kadmind.log\n\n[libdefaults]\n default_realm
= IPA2.DC.SITA.AERO\n dns_lookup_realm = false\n dns_lookup_kdc = true\n
rdns = false\n ticket_lifetime = 24h\n forwardable = yes\n\n[realms]\n
IPA2.DC.SITA.AERO = {\n kdc = liipaxs007p.ipa2.dc.sita.aero:88\n
master_kdc = liipaxs007p.ipa2.dc.sita.aero:88\n admin_server =
liipaxs007p.ipa2.dc.sita.aero:749\n default_do"..., 4096) = 742
open("/var/lib/sss/pubconf/krb5.include.d/",
O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 4
fcntl(4, F_GETFD) = 0x1 (flags FD_CLOEXEC)
getdents(4, /* 2 entries */, 32768) = 48
getdents(4, /* 0 entries */, 32768) = 0
close(4) = 0
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f0e2e64b000, 4096) = 0
open("/dev/urandom", O_RDONLY) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
read(3,
"\202\263\251V\30000$IrwS*D\21\213\357x\234CmP\300~\253\235\233$\311\231u\17\221\16\315\4\245\266w\20\356A|\2759\3756\361\360H}\242A\16Nt6D\25F\3\211:1",
64) = 64
close(3) = 0
open("/dev/urandom", O_RDONLY) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
read(3,
"\226\10\337\230\205\301@\32xC\241\n\337C\3707(\350\324\356\361\267\252\210Xv7\354\376\263\344\177\241\357\275\271\317\201\255\352\240\223\32\325~\232_\3353=\212z\276\0Z\27786s\250\30\312\351\331",
64) = 64
close(3) = 0
futex(0x7f0e2e1462c0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
open("/tmp/krb5cc_1599100000_CUkupo", O_RDONLY) = -1 EACCES (Permission
denied)
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2512, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f0e2e64b000
read(3, "# Locale name alias data base.\n# Copyright (C)
1996-2001,2003,2007 Free Software Foundation, Inc.\n#\n# This program is
free software; you can redistribute it and/or modify\n# it under the terms
of the GNU General Public License as published by\n# the Free Software
Foundation; either version 2, or (at your option)\n# any later
version.\n#\n# This program is distributed in the hope that it will be
useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR "..., 4096) = 2512
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f0e2e64b000, 4096) = 0
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/mit-krb5.mo", O_RDONLY) =
-1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/mit-krb5.mo", O_RDONLY) =
-1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/mit-krb5.mo", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=410, ...}) = 0
mmap(NULL, 410, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f0e2e64b000
close(3) = 0
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/mit-krb5.mo", O_RDONLY) = -1
ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/mit-krb5.mo", O_RDONLY) = -1
ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/mit-krb5.mo", O_RDONLY) = -1 ENOENT
(No such file or directory)
write(2, "klist", 5) = 5
write(2, ": ", 2) = 2
write(2, "Credentials cache permissions incorrect", 39) = 39
write(2, " ", 1) = 1
write(2, "while setting cache flags (ticket cache
FILE:/tmp/krb5cc_1599100000_CUkupo)", 75) = 75
ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo
...}) = 0
ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo
...}) = 0
write(2, "\n", 1) = 1
exit_group(1)
Thank You,
Rashard Kelly
From: Sumit Bose <sbose at redhat.com>
To: Rashard.Kelly at sita.aero
Cc: freeipa-users at redhat.com
Date: 04/10/2014 02:44 PM
Subject: Re: [Freeipa-users] ipa: ERROR: did not receive Kerberos
credentials
On Thu, Apr 10, 2014 at 02:32:06PM -0400, Rashard.Kelly at sita.aero wrote:
> SELinux is disabled, I changed the permissions back to the old ones and
I
> have the problem again, although as root I can kinit as myself and can
run
> commands. But not as the regular user. Do you have any strace examples
to
> share?
>
>
> [root at replicahostname /tmp]# ll -Za
> drwxrwxrwt. root root system_u:object_r:tmp_t:s0 .
> dr-xr-xr-x. root root system_u:object_r:root_t:s0 ..
> -rw------- rkelly rkelly ? .bash_history
> drwxrwxrwt root root ? .ICE-unix
> drwxrwxr-x rkelly rkelly ? .ipa
> -r-------- root root ? krb5cc_0
> -r-------- xs05144 xs05144 ? krb5cc_1599000020_u5RRhd
> -r-------- rkelly rkelly ? krb5cc_1599100000_CUkupo
> -r-------- rkelly rkelly ? krb5cc_1599100000_ZekyY0
> -r-------- apache apache ? krb5cc_48
> =
>
> [root at replicahostname /tmp]# klist
> klist: Credentials cache permissions incorrect while setting cache flags
> (ticket cache FILE:/tmp/krb5cc_1599100000_CUkupo)
strace -o /tmp/klist.out -s 512 klist
The needed output will be in /tmp/klist.out.
bye,
Sumit
>
>
> [root at liipaxs007p /tmp]# cat /etc/sysconfig/selinux
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> # enforcing - SELinux security policy is enforced.
> # permissive - SELinux prints warnings instead of enforcing.
> # disabled - SELinux is fully disabled.
> SELINUX=disabled
> # SELINUXTYPE= type of policy in use. Possible values are:
> # targeted - Only targeted network daemons are protected.
> # strict - Full SELinux protection.
> SELINUXTYPE=targeted
>
>
> Thank You,
> Rashard Kelly
>
>
>
>
> From: Sumit Bose <sbose at redhat.com>
> To: Rashard.Kelly at sita.aero
> Cc: freeipa-users at redhat.com
> Date: 04/10/2014 12:31 PM
> Subject: Re: [Freeipa-users] ipa: ERROR: did not receive Kerberos
> credentials
>
>
>
> On Thu, Apr 10, 2014 at 11:55:05AM -0400, Rashard.Kelly at sita.aero wrote:
> > I can run commands after changing the permissions on the files, but
why
> is
> > it generating files that are not world readable?
> >
> > [rkelly at replicahostname ~]$ ll
> > total 84
> > -rw-r--r-- 1 root root 2428 Apr 9 22:34 krb5cc_0
> > -rw-r--r-- 1 xs05144 xs05144 1146 Apr 3 16:10
> krb5cc_1599000020_u5RRhd
> > -rw-r--r-- 1 rkelly rkelly 569 Apr 10 15:14
> krb5cc_1599100000_CUkupo
> > -rw-r--r-- 1 rkelly rkelly 1873 Apr 9 23:40
> krb5cc_1599100000_ZekyY0
> > -rw-r--r-- 1 apache apache 662 Apr 10 06:02 krb5cc_48
>
> Please don't do this, the credential cache files are similar to your
> password, only the user itself should be allowed to read it.
>
> When you use ls with the -Z option there is a '?' where the SELinux
> context should be printed. Maybe there are issues with your SELinux
> setup which prevent access to the ccache files? Can you try SELinux in
> permissive mode? If there are still issues running klist which strace
> might give some more details why the ccache file cannot be read.
>
> HTH
>
> bye,
> Sumit
>
> >
> > [rkelly at replicahostname ~]$ klist
> > Ticket cache: FILE:/tmp/krb5cc_1599100000_CUkupo
> > Default principal: rkelly at DOMAIN
> >
> > Valid starting Expires Service principal
> > 04/10/14 15:14:40 04/11/14 15:14:40 krbtgt/IPA2.DC.SITA.AERO at DOMAIN
> >
> > [rkelly at replicahostname ~]$ ipa user-find kelly
> > --------------
> > 1 user matched
> > --------------
> > User login: rkelly
> > First name: Rashard
> > Last name: KElly
> > Home directory: /home/rkelly
> > Login shell: /bin/sh
> > Email address: rkelly at domain
> > UID: 1599100000
> > GID: 1599100000
> > Account disabled: False
> > Password: True
> > Kerberos keys available: True
> > ----------------------------
> > Number of entries returned 1
> > ----------------------------
> > Thank You,
> > Rashard Kelly
> >
> >
> >
> > From: Rashard.Kelly at sita.aero
> > To: Alexander Bokovoy <abokovoy at redhat.com>
> > Cc: freeipa-users at redhat.com
> > Date: 04/10/2014 08:42 AM
> > Subject: Re: [Freeipa-users] ipa: ERROR: did not receive
Kerberos
>
> > credentials
> > Sent by: freeipa-users-bounces at redhat.com
> >
> >
> >
> > The krb5 files are not readable by everyone. There are multiple krb5
> files
> > in tmp, should they automatically be readable by all? BTW our users do
> not
> > have home directories if that makes a difference.
> >
> > [rkelly at replicahostname ~]$ ls -lZ /tmp |grep krb
> > -rw------- root root ? krb5cc_0
> > -rw------- xs05144 xs05144 ? krb5cc_1599000020_u5RRhd
> > -rw------- rkelly rkelly ? krb5cc_1599100000_oKtZFE
> > -rw------- rkelly rkelly ? krb5cc_1599100000_ZekyY0
> > -rw------- apache apache ? krb5cc_48
> >
> > ipa-server-selinux-3.0.0-37.el6.x86_64
> > ipa-client-3.0.0-37.el6.x86_64
> > ipa-server-3.0.0-37.el6.x86_64
> > ipa-pki-common-theme-9.0.3-7.el6.noarch
> > libipa_hbac-python-1.9.2-129.el6_5.4.x86_64
> > ipa-python-3.0.0-37.el6.x86_64
> > ipa-admintools-3.0.0-37.el6.x86_64
> > ipa-pki-ca-theme-9.0.3-7.el6.noarch
> > libipa_hbac-1.9.2-129.el6_5.4.x86_64
> > python-iniparse-0.3.1-2.1.el6.noarch
> >
> > [rkelly at replicahostname ~]$ cat /proc/mounts | grep /tmp
> > /dev/mapper/system-tmp_vol /tmp ext4
rw,relatime,barrier=1,data=ordered
> 0
> > 0
> > [rkelly at replicahostname ~]$ echo $KRB5CCNAME
> > FILE:/tmp/krb5cc_1599100000_oKtZFE
> >
> > [rkelly at replicahostname ~]$ ls -lZ /tmp/krb5cc_1599100000_oKtZFE
> > -rw------- rkelly rkelly ? /tmp/krb5cc_1599100000_oKtZFE
> >
> > [rkelly at replicahostname ~]$ KRB5_TRACE=/dev/stderr kinit
> > [14559] 1397132474.221287: Getting initial credentials for
rkelly at DOMAIN
>
> > [14559] 1397132474.221510: Sending request (191 bytes) to DOMAIN
> > [14559] 1397132474.221677: Sending initial UDP request to dgram
> > 10.228.20.25:88
> > [14559] 1397132474.225248: Received answer from dgram 10.228.20.25:88
> > [14559] 1397132474.225287: Response was from master KDC
> > [14559] 1397132474.225306: Received error from KDC:
> -1765328359/Additional
> > pre-authentication required
> > [14559] 1397132474.225331: Processing preauth types: 136, 19, 2, 133
> > [14559] 1397132474.225343: Selected etype info: etype aes256-cts, salt
> > "IPA2.DC.SITA.AEROrkelly", params ""
> > [14559] 1397132474.225346: Received cookie: MIT
> > Password for rkelly at DOMAIN:
> > [14559] 1397132484.255381: AS key obtained for encrypted timestamp:
> > aes256-cts/DBF7
> > [14559] 1397132484.255432: Encrypted timestamp (for
1397132484.255390):
> > plain 301AA011180F32303134303431303132323132345AA105020303E59E,
> encrypted
> >
>
321A6A1E297880D1E2D1BF069D6D44136D7A2A0D3AAFC3209CB9B4E5BAAE59E928559E47FD0A140F68D377A8398D7CAB4B735D0612247A7C
>
> >
> > [14559] 1397132484.255453: Preauth module encrypted_timestamp (2)
> > (flags=1) returned: 0/Success
> > [14559] 1397132484.255457: Produced preauth for next request: 133, 2
> > [14559] 1397132484.255474: Sending request (286 bytes) to DOMAIN
> (master)
> > [14559] 1397132484.255560: Sending initial UDP request to dgram
> > 10.228.20.25:88
> > [14559] 1397132484.262563: Received answer from dgram 10.228.20.25:88
> > [14559] 1397132484.262593: Processing preauth types: 19
> > [14559] 1397132484.262600: Selected etype info: etype aes256-cts, salt
> > "DOMAINrkelly", params ""
> > [14559] 1397132484.262603: Produced preauth for next request: (empty)
> > [14559] 1397132484.262609: AS key determined by preauth:
aes256-cts/DBF7
>
> > [14559] 1397132484.262650: Decrypted AS reply; session key is:
> > aes256-cts/B097
> > [14559] 1397132484.262664: FAST negotiation: available
> > [14559] 1397132484.262681: Initializing
> FILE:/tmp/krb5cc_1599100000_oKtZFE
> > with default princ rkelly at DOMAIN
> >
> > [rkelly at replicahostname ~]$ KRB5_TRACE=/dev/stderr klist
> > klist: Credentials cache permissions incorrect while setting cache
flags
>
> > (ticket cache FILE:/tmp/krb5cc_1599100000_oKtZFE)
> >
> > --
> >
> >
> > Thank You,
> > Rashard Kelly
> >
> >
> >
> >
> > From: Alexander Bokovoy <abokovoy at redhat.com>
> > To: Rashard.Kelly at sita.aero
> > Cc: freeipa-users at redhat.com
> > Date: 04/10/2014 03:25 AM
> > Subject: Re: [Freeipa-users] ipa: ERROR: did not receive
Kerberos
>
> > credentials
> >
> >
> >
> > On Thu, 10 Apr 2014, Rashard.Kelly at sita.aero wrote:
> > >Hello all
> > >
> > >
> > >When I try to execute and commands from the an ipa-replica I get
> > >
> > >[rkelly at replicahostname ~]$ ipa user-find
> > >ipa: ERROR: did not receive Kerberos credentials
> > >[rkelly at replicahostname ~]$ kinit
> > >Password for rkelly at IPA2.DC.SITA.AERO:
> > >[rkelly at replicahostname ~]$ ipa user-find
> > >ipa: ERROR: did not receive Kerberos credentials
> > >[rkelly at replicahostname ~]$ klist
> > >klist: Credentials cache permissions incorrect while setting cache
> flags
> > >(ticket cache FILE:/tmp/krb5cc_1599100000_qojy7v)
> > >
> > >I thought perhaps the two are out of sync
> > >[root at replicahostname ~]# ipa-replica-manage re-initialize --from
> > >liipaxs010p.ipa2.dc.sita.aero
> > >Invalid password
> > >
> > >
> > >ipa-replica-conncheck says communication is ok.
> > >
> > >I looked at the httpd, secure,and krb log and none show any activity
> when
> > >I execute the commands above. Im lost any clues as to where I can
look
> > for
> > >answers?
> > Let's put IPA commands aside and first find out what's wrong with your
> > Kerberos infra. Looking at your ticket cache file name
> > (FILE:/tmp/krb5cc_1599100000_qojy7v) I assume you have come to this
> > machine via SSH and the ticket cache is created by the sshd or sssd.
> >
> > The message you received out of klist is shown if ccache file is
either:
> > - unaccessible for the user
> > - is a directory rather than a file
> > - is a broken symlink
> > - blocked by some app with explusive locks
> > - cannot be open for a write
> >
> > Please provide output of
> > $ cat /proc/mounts | grep /tmp
> > $ echo $KRB5CCNAME
> > $ ls -lZ /tmp/krb5cc_1599100000_qojy7v
> > $ KRB5_TRACE=/dev/stderr kinit
> > $ KRB5_TRACE=/dev/stderr klist
> >
> > You can temporarily overcome this issue by selecting a different
ticket
> > cache by setting KRB5CCNAME environmental variable:
> >
> > $ export KRB5CCNAME=$HOME/.krb5cc
> > $ kinit
> > $ ipa user-find
> > ...
> >
> > However, it would be good to solve the issue to avoid repeating these
> > problems
> >
> >
> >
> > --
> > / Alexander Bokovoy
> >
> >
> > This document is strictly confidential and intended only for use by
the
> > addressee unless otherwise stated. If you are not the intended
> recipient,
> > please notify the sender immediately and delete it from your system.
See
>
> > you at 2014 Air Transport IT Summit, 17-19 June 2014 Click here to
> > register http://www.sitasummit.aero
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> >
> > This document is strictly confidential and intended only for use by
the
> > addressee unless otherwise stated. If you are not the intended
> recipient,
> > please notify the sender immediately and delete it from your system.
> > See you at 2014 Air Transport IT Summit, 17-19 June 2014
> >
> > Click here to register http://www.sitasummit.aero
> >
> >
>
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
> This document is strictly confidential and intended only for use by the
> addressee unless otherwise stated. If you are not the intended
recipient,
> please notify the sender immediately and delete it from your system.
> See you at 2014 Air Transport IT Summit, 17-19 June 2014
>
> Click here to register http://www.sitasummit.aero
>
>
This document is strictly confidential and intended only for use by the
addressee unless otherwise stated. If you are not the intended recipient,
please notify the sender immediately and delete it from your system.
See you at 2014 Air Transport IT Summit, 17-19 June 2014
Click here to register http://www.sitasummit.aero
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140411/559dd3a8/attachment.htm>
More information about the Freeipa-users
mailing list