[Freeipa-users] Re: Littered /run/ipa/ccaches directory probably causing outage of ipa API

Sat, 15 Apr 2023 02:02:46 -0700 

On la, 15 huhti 2023, terrible person via FreeIPA-users wrote:

Hi Rob,

Apologies for the delay in responding to your message. I have been
trying to investigate the issue by looking at the logs for KDC and
httpd, but so far, I have not been able to find any useful information.
I also attempted to enable debug mode in KDC, but it appears that there
is no debug output available for the server.

The problem seems to occur when someone encounters it, such as when my
colleagues are actively using certmonger and need to add hosts and
certificates for their services. At times, the API suddenly throws
error messages, and I have limited room to investigate the problem
properly without resorting to restarting the service, which is not an
ideal solution.

I was hoping that someone could provide me with a general dataflow
model from the time a basic command, such as 'ipa ca-show ipa', is
issued until the result is returned. While I have a basic understanding
of the Kerberos exchange, I tend to get lost when Apache
mod_auth_gssapi and gssproxy are involved in the exchange, and I am
unsure of who is requesting what.

Maybe after that realization of where to look for the problem will come.


Use search for this list. About a year ago I did a bit of explanation of
the setup for these problems:

https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/message/JC6VQ2V6G2GJZDDHYALRM42WQBGZ5L23/

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to