[Freeipa-users] ipa: ERROR: did not receive Kerberos credentials

Rashard.Kelly at sita.aero Rashard.Kelly at sita.aero
Fri Apr 11 13:42:41 UTC 2014 

[root at replicahostname ~]# sestatus
SELinux status:                 disabled
[root at replicahostname ~]# audit2why -b -w -t avc
[root at replicahostname ~]#


Nothing in the audit log after audit2why came back either.


Thank You,
Rashard Kelly



From:   Alexander Bokovoy <abokovoy at redhat.com>
To:     Rashard.Kelly at sita.aero
Cc:     Sumit Bose <sbose at redhat.com>, freeipa-users at redhat.com
Date:   04/11/2014 09:06 AM
Subject:        Re: [Freeipa-users] ipa: ERROR: did not receive Kerberos 
credentials



On Fri, 11 Apr 2014, Rashard.Kelly at sita.aero wrote:
>futex(0x7f0e2e1462c0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
>open("/tmp/krb5cc_1599100000_CUkupo", O_RDONLY) = -1 EACCES (Permission
>denied)

Are you sure you don't have SELinux really running and enabled?

Because the following output makes me really worry:
>> [root at replicahostname /tmp]# ll -Za
>> drwxrwxrwt. root    root    system_u:object_r:tmp_t:s0       .
>> dr-xr-xr-x. root    root    system_u:object_r:root_t:s0      ..
>> -rw-------  rkelly  rkelly  ? .bash_history
>> drwxrwxrwt  root    root    ?                                .ICE-unix
>> drwxrwxr-x  rkelly  rkelly  ?                                .ipa
>> -r--------  root    root    ?                                krb5cc_0
>> -r--------  xs05144 xs05144 ? krb5cc_1599000020_u5RRhd
>> -r--------  rkelly  rkelly  ? krb5cc_1599100000_CUkupo
>> -r--------  rkelly  rkelly  ? krb5cc_1599100000_ZekyY0
These rkelly:rkelly krb5cc_* files have no SELinux label and should be
readable to the owner.

Can you show:

[root] # sestatus
[root] # audit2why -b -w -t avc


-- 
/ Alexander Bokovoy


This document is strictly confidential and intended only for use by the
addressee unless otherwise stated.  If you are not the intended recipient,
please notify the sender immediately and delete it from your system.
See you at 2014 Air Transport IT Summit, 17-19 June 2014

Click here to register  http://www.sitasummit.aero


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140411/c1b0bb30/attachment.htm>

More information about the Freeipa-users mailing list