[Freeipa-users] ipa: ERROR: did not receive Kerberos credentials
Sumit Bose
sbose at redhat.com
Fri Apr 11 13:54:26 UTC 2014
On Fri, Apr 11, 2014 at 09:42:41AM -0400, Rashard.Kelly at sita.aero wrote:
> [root at replicahostname ~]# sestatus
> SELinux status: disabled
> [root at replicahostname ~]# audit2why -b -w -t avc
> [root at replicahostname ~]#
>
>
> Nothing in the audit log after audit2why came back either.
That's odd. Can you read the file with od?
od /tmp/krb5cc_1599100000_CUkupo
don't send the output just check if it is readable of if od returns an
error as well?
Are there any odd filesystem permission on your klist binary like s-bit
set?
ls -alZ $(which klist)
(her you can send the output :-)
bye,
Sumit
>
>
> Thank You,
> Rashard Kelly
>
>
>
> From: Alexander Bokovoy <abokovoy at redhat.com>
> To: Rashard.Kelly at sita.aero
> Cc: Sumit Bose <sbose at redhat.com>, freeipa-users at redhat.com
> Date: 04/11/2014 09:06 AM
> Subject: Re: [Freeipa-users] ipa: ERROR: did not receive Kerberos
> credentials
>
>
>
> On Fri, 11 Apr 2014, Rashard.Kelly at sita.aero wrote:
> >futex(0x7f0e2e1462c0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
> >open("/tmp/krb5cc_1599100000_CUkupo", O_RDONLY) = -1 EACCES (Permission
> >denied)
>
> Are you sure you don't have SELinux really running and enabled?
>
> Because the following output makes me really worry:
> >> [root at replicahostname /tmp]# ll -Za
> >> drwxrwxrwt. root root system_u:object_r:tmp_t:s0 .
> >> dr-xr-xr-x. root root system_u:object_r:root_t:s0 ..
> >> -rw------- rkelly rkelly ? .bash_history
> >> drwxrwxrwt root root ? .ICE-unix
> >> drwxrwxr-x rkelly rkelly ? .ipa
> >> -r-------- root root ? krb5cc_0
> >> -r-------- xs05144 xs05144 ? krb5cc_1599000020_u5RRhd
> >> -r-------- rkelly rkelly ? krb5cc_1599100000_CUkupo
> >> -r-------- rkelly rkelly ? krb5cc_1599100000_ZekyY0
> These rkelly:rkelly krb5cc_* files have no SELinux label and should be
> readable to the owner.
>
> Can you show:
>
> [root] # sestatus
> [root] # audit2why -b -w -t avc
>
>
> --
> / Alexander Bokovoy
>
>
> This document is strictly confidential and intended only for use by the
> addressee unless otherwise stated. If you are not the intended recipient,
> please notify the sender immediately and delete it from your system.
> See you at 2014 Air Transport IT Summit, 17-19 June 2014
>
> Click here to register http://www.sitasummit.aero
>
>
More information about the Freeipa-users
mailing list