On 15.09.20 17:19, Alexander Bokovoy via FreeIPA-users wrote:
[...]
  Kerberos ticket in the user's ccache on the server side.
So. Let me try to summarize this for myself. When I want a kerberized
NFS share to be accessible the user must have a valid Kerberos ticket,
right? This can be either obtained through SSHD, could be delegated
from the originating system or it could be fetched on the target
system by SSSD. Is this correct?
More or less, yes.
I need to understand the SSH scenario a little bit better. In some cases
the user can log in via SSH properly but he gets a "permission denied"
error. I did a kinit myUser and everything worked fine. In order to
reproduce the issue I tought it would be sufficient to do a kdestroy and
try to log in via SSH again but in that case I did not get a "permission
denied" error.
klist showed no ticket
klist: Credentials cache keyring
'persistent:1246620005:krb_ccache_1fh0ssy' not found
Where is this cached? (rpcgssd? rpcidmapd?)
Cheers,
Ronald
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
