[36541] in Kerberos
Re: documentation on how to set $KRB5CCNAME for kerberized/gssapi
daemon@ATHENA.MIT.EDU (Natxo Asenjo)
Mon Oct 13 08:26:47 2014
In-Reply-To: <ldvr3ygdgjr.fsf@sarnath.mit.edu>
Date: Mon, 13 Oct 2014 13:55:26 +0200
Message-ID: <CAHBEJzUNVXSY7K-iS5sMHuLNZ0ga1ggueaJ0GEjF6Ms80yiDrQ@mail.gmail.com>
From: Natxo Asenjo <natxo.asenjo@gmail.com>
Cc: kerberos@mit.edu
On Fri, Oct 10, 2014 at 12:28 AM, Tom Yu <tlyu@mit.edu> wrote:
> Natxo Asenjo <natxo.asenjo@gmail.com> writes:
>
>> When implementing rsyslog with gssapi
>> (http://www.rsyslog.com/doc/gssapi.html) I came across the issue
>> that the rsyslog software expects the credentials cache of the host
>> principal in /tmp/krb5cc_0; the centos 6.5 hosts joined to a freeipa
>> kerberos domain save that to /var/tmp/host_0 .
>
> /var/tmp/host_0 looks more like a replay cache (rcache) filename to me.
> Are you seeing this on the rsyslog server or the rsyslog client?

I think you are correct. When looking at that file I see my kerberos
principal named a few times with this type of string: HASH:lotsofhex,
so this looks like one of those files.

>> I tried setting this:
>>
>> KRB5CCNAME='/var/tmp/host_0'
>>
>> or variations on that (double inverted commas, no commas) in
>> /etc/sysconfig/rsyslog which is the place where one expects to declare
>> such a variable in redhat/centos systems because that file is sourced
>> by the init script of rsyslog. But unfortunately rsyslog kept
>> requesting the /tmp/krb5cc_0 file.
>
> What error messages did you see? Is this on the client or the server?

This is on the client. The messages I get on the client:

Oct 13 13:47:19 host rsyslogd-2024: GSS-API Context initialization failed
[try http://www.rsyslog.com/e/2024 ]
Oct 13 13:47:19 host rsyslogd: GSS-API error initializing context:
Unspecified GSS failure. Minor code may provide more information
Oct 13 13:47:19 host rsyslogd: GSS-API error initializing context:
Credentials cache file '/tmp/krb5cc_0' not found

Thanks,
--
Groeten,
natxo
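
An added diagnostic example, not part of the original message or of rsyslog: it checks whether a KRB5CCNAME value set in a file such as /etc/sysconfig/rsyslog actually reached the running daemon, and which cache file will be looked up as a result. It assumes Linux /proc, a file-based cache, and the built-in default of /tmp/krb5cc_<uid> when the variable is unset; the script name check_ccache.sh and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Usage (as root, to read another process's environment):
#   sh check_ccache.sh "$(pidof rsyslogd)" 0

# Print the value of variable $2 from a NUL-separated environ file $1
# (the format of /proc/<pid>/environ). Returns 1 if the variable is absent.
env_value() {
    tr '\0' '\n' < "$1" | awk -v name="$2" '
        index($0, name "=") == 1 { print substr($0, length(name) + 2); found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# Map a KRB5CCNAME value ($1, may be empty) and a uid ($2) to the file that
# will be opened. Simplified: only FILE: caches and bare paths are handled;
# other cache types return 2. Assumes the default is /tmp/krb5cc_<uid>.
ccache_path() {
    case "$1" in
        "")     printf '/tmp/krb5cc_%s\n' "$2" ;;
        FILE:*) printf '%s\n' "${1#FILE:}" ;;
        /*)     printf '%s\n' "$1" ;;
        *:*)    return 2 ;;
        *)      printf '%s\n' "$1" ;;
    esac
}

# Report which credentials cache the process with pid $1 and uid $2 will use,
# and whether that file exists and is non-empty.
check_daemon() {
    val=$(env_value "/proc/$1/environ" KRB5CCNAME) || val=""
    path=$(ccache_path "$val" "$2") || { echo "non-file ccache: $val"; return 2; }
    if [ -s "$path" ]; then
        echo "ok: $path (KRB5CCNAME='$val')"
    else
        echo "missing: $path (KRB5CCNAME='$val')"
        return 1
    fi
}

if [ "$#" -eq 2 ]; then
    check_daemon "$1" "$2"
fi
```

An empty KRB5CCNAME in the output means the variable never reached the process, which matches a daemon that keeps asking for /tmp/krb5cc_0 when running as uid 0.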