[Freeipa-users] How to enable krb5_child log
Kees Bakker
keesb at ghs.com
Fri Feb 3 13:47:27 UTC 2017
On 03-02-17 10:43, Kees Bakker wrote:
> On 03-02-17 10:17, Jakub Hrozek wrote:
>> On Fri, Feb 03, 2017 at 09:45:34AM +0100, Kees Bakker wrote:
>>
>>> Then, at the very same time user "someuser", on his own login, gets this:
>>> $ klist
>>> klist: Invalid UID in persistent keyring name while getting default ccache
>>>
>>> One more thing I should mention. It may be of influence. The "someuser"
>>> is a local user in /etc/passwd, _and_ it is a user in IPA, with different uid's.
>>> Could that trigger the error?
>> Yes, if the UID of the local user and the IPA user differ.
>>
>> If you need to use the user from passwd and authenticate the user with
>> his IPA credentials, then you can't use id_provider=ipa in sssd.conf,
>> but id_provider=proxy and auth_provider=krb5.
>>
> Thanks, Jakub. I really appreciate your feedback.
> I'll test what you suggested.
Alas, still, no success. :-(
--
Kees
More information about the Freeipa-users
mailing list