In this test: > Testing that pam_sss_gss.so is properly authing: > # login as your user, view (or gain) kerberos credentials (klist to verify > valid ccache, kinit to gain creds if needed) > # run sudo -i or sudo [command]. this should execute the sudo without issue > > eg: > user1@working-host1:~$ sudo -i > pam_sss_gss: Initializing GSSAPI authentication with SSSD > pam_sss_gss: Switching euid from 0 to 1234556 > pam_sss_gss: Trying to establish security context > pam_sss_gss: SSSD User name: us...@example.com > pam_sss_gss: User domain: example.com > pam_sss_gss: User principal: > pam_sss_gss: Target name: h...@working-host1.example.com > pam_sss_gss: Using ccache: default > pam_sss_gss: Acquiring credentials, principal name will be derived > pam_sss_gss: Switching euid from 1234556 to 0 > pam_sss_gss: Authentication successful > root@host1:~#
Did you also unset KRB5CCNAME? That's what we are trying to fix, right? That it works without that variable set. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2103623 Title: pam_sss_gss fails to work when KRB5CCNAME is not set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/2103623/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
