On Wed, 2013-09-11 at 12:08 -0400, Dmitri Pal wrote: > On 09/11/2013 11:49 AM, Simo Sorce wrote: > > On Wed, 2013-09-11 at 10:39 -0500, Dean Hunter wrote: > >> On Wed, 2013-09-11 at 11:20 -0400, Simo Sorce wrote: > >>> On Wed, 2013-09-11 at 08:39 -0500, Dean Hunter wrote: > >>> > >>>> I do NOT believe this: > >>>> [dean@ipa2 ~]$ ssh dean@desktop2 > >>>> Last login: Wed Sep 11 08:32:21 2013 from ipa2.hunter.org > >>>> Could not chdir to home directory /home/net/dean: Permission > >>>> denied > >>>> -bash: /home/net/dean/.bash_profile: Permission denied > >>>> > >>>> -bash-4.2$ logout > >>>> -bash: /home/net/dean/.bash_logout: Permission denied > >>>> Connection to desktop2 closed. > >>>> > >>>> [dean@ipa2 ~]$ su - > >>>> Password: > >>>> > >>>> [root@ipa2 ~]# ssh dean@desktop2 > >>>> dean@desktop2's password: > >>>> Last login: Wed Sep 11 08:34:29 2013 from ipa2.hunter.org > >>>> > >>>> [dean@desktop2 ~]$ logout > >>>> Connection to desktop2 closed. > >>>> > >>>> [root@ipa2 ~]# logout > >>>> > >>>> [dean@ipa2 ~]$ ssh dean@desktop2 > >>>> Last login: Wed Sep 11 08:35:16 2013 from ipa2.hunter.org > >>>> > >>>> [dean@desktop2 ~]$ > >>>> > >>> Are you using a kerberized NFS mount ? > >>> > >>> I think what is happening is that when going via SSH rpc.gssd cannot > >>> find your ticket, ssh may be doing something "wrong" in this case. > >>> > >>> Simo. > >>> > >> Yes, I am using Kerberos with NFS. > >> > >> Should I report this as a bug? > >> > > We need to decide what component is faulty. It may be possible we can > > get it working somehow. > > > > When you ssh in what is the ccache ssh assign you ? > > can you run klist and post the output (sanitize it if needed) ? > > > > Simo. > > > > Simo, > > Would setting KRBCCACHE explicitly on the client help?
It depends, it would not help if you used GSSAPI SSO auth but did *not* delegate your credentials for example, as you have no credentials on the target system in that case. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
