[Freeipa-users] ipa: ERROR: did not receive Kerberos credentials
Alexander Bokovoy
abokovoy at redhat.com
Fri Apr 11 13:06:48 UTC 2014
On Fri, 11 Apr 2014, Rashard.Kelly at sita.aero wrote:
>futex(0x7f0e2e1462c0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
>open("/tmp/krb5cc_1599100000_CUkupo", O_RDONLY) = -1 EACCES (Permission
>denied)
Are you sure you don't have SELinux really running and enabled?
Because the following output makes me really worry:
>> [root at replicahostname /tmp]# ll -Za
>> drwxrwxrwt. root root system_u:object_r:tmp_t:s0 .
>> dr-xr-xr-x. root root system_u:object_r:root_t:s0 ..
>> -rw------- rkelly rkelly ? .bash_history
>> drwxrwxrwt root root ? .ICE-unix
>> drwxrwxr-x rkelly rkelly ? .ipa
>> -r-------- root root ? krb5cc_0
>> -r-------- xs05144 xs05144 ? krb5cc_1599000020_u5RRhd
>> -r-------- rkelly rkelly ? krb5cc_1599100000_CUkupo
>> -r-------- rkelly rkelly ? krb5cc_1599100000_ZekyY0
These rkelly:rkelly krb5cc_* files have no SELinux label and should be
readable to the owner.
Can you show:
[root] # sestatus
[root] # audit2why -b -w -t avc
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list