On 10/01/18 15:53, Alexander Bokovoy wrote:
Looks like you are using KEYRING type of Kerberos ccache in both the host and LXCs. KEYRING is not namespaced, so your LXCs are using whatever was put in the KEYRING ccache for the same user (root) on the host.

From within LXCs, remove default_ccache_name from their /etc/krb5.conf files, then libkrb5 will default to using FILE:/tmp/krb5cc_%{uid} which would be part of the LXC container file system and thus wouldn't be shared with the host.

Indeed, the change in the LXC's krb5.conf fixes that problem.
Thanks!
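
A check for the condition discussed in this thread, as an added example that is not part of the original messages: it reads a krb5.conf and reports whether the effective default ccache is of KEYRING type. The function names, the sample configs and the EXAMPLE.TEST realm are constructed for illustration; only [libdefaults] is read, include/includedir directives are not followed, and the fallback value is the default named in the reply above.

```shell
#!/bin/sh
# Added example: audit a container's krb5.conf for a KEYRING default ccache.

# Print the effective default_ccache_name of the krb5.conf given as $1.
# Falls back to the libkrb5 default named in the thread when the key is unset.
effective_ccache() {
    awk '
        /^[ \t]*[#;]/ { next }    # skip comment lines
        /^[ \t]*\[/   { insec = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        insec && /^[ \t]*default_ccache_name[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0
        }
        END { print (val != "" ? val : "FILE:/tmp/krb5cc_%{uid}") }
    ' "$1"
}

# Succeed (exit 0) when the effective ccache lives in the kernel keyring,
# which per the thread is not namespaced between host and LXC.
ccache_shared_with_host() {
    case "$(effective_ccache "$1")" in
        KEYRING:*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Constructed sample configs: the affected setting and the file after the fix.
tmp=$(mktemp -d)
printf '[libdefaults]\n  default_realm = EXAMPLE.TEST\n  default_ccache_name = KEYRING:persistent:%%{uid}\n' > "$tmp/before.conf"
printf '[libdefaults]\n  default_realm = EXAMPLE.TEST\n' > "$tmp/after.conf"

for f in "$tmp/before.conf" "$tmp/after.conf"; do
    if ccache_shared_with_host "$f"; then
        echo "$f: $(effective_ccache "$f") -> KEYRING ccache, shared with the host for the same uid"
    else
        echo "$f: $(effective_ccache "$f") -> not a KEYRING ccache"
    fi
done
rm -rf "$tmp"
```

Run it inside each container against /etc/krb5.conf by calling ccache_shared_with_host /etc/krb5.conf; a zero exit status means the setting described in the thread is still present.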