Found it.

It was selinux related.

For some reason allow_gssd_read_tmp was off; running
semanage boolean -1 allow_gssd_read_tmp
solved it.

[As a side note: why is this even tunable? Is there a practical usage
mode of rpc.gssd that does not require access to the credential caches?]

Thanks again for your help!

Tom


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to