Found it.

It was selinux related.

For some reason allow_gssd_read_tmp was off; running
semanage boolean -1 allow_gssd_read_tmp
solved it.

[As a side note: why is this even tunable? Is there a practical usage
mode of rpc.gssd that does not require access to the credential caches?]

Thanks again for your help!


Freeipa-users mailing list

Reply via email to