We normally store credentials in the kernel keyring, have you changed the default ccache type in your installation ?
If you have elected to use /tmp to store ccaches and it is full it is expected for auth to fail. Simo. On Mon, 2017-09-18 at 17:11 +0200, Marius Bjørnstad via FreeIPA-users wrote: > Hi, > > When /tmp is full, it is impossible to authenticate with Kerberos. > Login with password over SSH and sudo don't work. Login with ssh key > works fine. Here is the output in the system log when I try to log on > via SSH with password auth (this is on RHEL 6): > > Sep 18 16:56:59 vali sshd: Set /proc/self/oom_score_adj to 0 > Sep 18 16:56:59 vali sshd: Connection from 192.168.1.48 port > 49917 > Sep 18 16:57:02 vali [sssd[krb5_child]]: Credentials cache I/O > operation failed XXX > Sep 18 16:57:02 vali [sssd[krb5_child]]: Credentials cache I/O > operation failed XXX > Sep 18 16:57:04 vali sshd: Failed password for paalmbj from > 192.168.1.48 port 49917 ssh2 > Sep 18 16:57:07 vali sshd: Connection closed by 192.168.1.48 > > From SSH I get: > Permission denied, please try again. > > The problem seems to be that Kerberos can't store its credentials > cache. Is this normal, and is there a way around it? Sure, ideally I > should limit the space usable by each user, but that doesn't help > when a given user needs to log in and fix their tmp usage. > > Thanks, > Marius > _______________________________________________ > FreeIPA-users mailing list -- firstname.lastname@example.org > To unsubscribe send an email to email@example.com > d.org -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc _______________________________________________ FreeIPA-users mailing list -- firstname.lastname@example.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org