On 09/11/2013 08:49 PM, Dean Hunter wrote: > On Wed, 2013-09-11 at 11:49 -0400, Simo Sorce wrote: >> On Wed, 2013-09-11 at 10:39 -0500, Dean Hunter wrote: >> > On Wed, 2013-09-11 at 11:20 -0400, Simo Sorce wrote: >> > > On Wed, 2013-09-11 at 08:39 -0500, Dean Hunter wrote: >> > > >> > > > I do NOT believe this: >> > > > [dean@ipa2 ~]$ ssh dean@desktop2 >> > > > Last login: Wed Sep 11 08:32:21 2013 from ipa2.hunter.org >> > > > Could not chdir to home directory /home/net/dean: Permission >> > > > denied >> > > > -bash: /home/net/dean/.bash_profile: Permission denied >> > > > >> > > > -bash-4.2$ logout >> > > > -bash: /home/net/dean/.bash_logout: Permission denied >> > > > Connection to desktop2 closed. >> > > > >> > > > [dean@ipa2 ~]$ su - >> > > > Password: >> > > > >> > > > [root@ipa2 ~]# ssh dean@desktop2 >> > > > dean@desktop2's password: >> > > > Last login: Wed Sep 11 08:34:29 2013 from ipa2.hunter.org >> > > > >> > > > [dean@desktop2 ~]$ logout >> > > > Connection to desktop2 closed. >> > > > >> > > > [root@ipa2 ~]# logout >> > > > >> > > > [dean@ipa2 ~]$ ssh dean@desktop2 >> > > > Last login: Wed Sep 11 08:35:16 2013 from ipa2.hunter.org >> > > > >> > > > [dean@desktop2 ~]$ >> > > > >> > > >> > > Are you using a kerberized NFS mount ? >> > > >> > > I think what is happening is that when going via SSH rpc.gssd cannot >> > > find your ticket, ssh may be doing something "wrong" in this case. >> > > >> > > Simo. >> > > >> > Yes, I am using Kerberos with NFS. >> > >> > Should I report this as a bug? >> > >> We need to decide what component is faulty. It may be possible we can >> get it working somehow. >> >> When you ssh in what is the ccache ssh assign you ? >> can you run klist and post the output (sanitize it if needed) ? >> >> Simo. >> > I hope this is what you requested: > > [dean@ipa2 <mailto:dean@ipa2> ~]$ klist > Ticket cache: DIR::/run/user/1387400001/krb5cc/tktFDDxRR > Default principal: [email protected] <mailto:[email protected]> > > Valid starting Expires Service principal > 09/11/13 19:43:28 09/12/13 19:43:28 krbtgt/[email protected] > <mailto:[email protected]> > > [dean@ipa2 <mailto:dean@ipa2> ~]$ ssh dean@desktop2 > <mailto:dean@desktop2> > Last login: Wed Sep 11 19:41:48 2013 from ipa2.hunter.org > Could not chdir to home directory /home/net/dean: Permission denied > -bash: /home/net/dean/.bash_profile: Permission denied > > -bash-4.2$ hostname > desktop2.hunter.org > > -bash-4.2$ klist > klist: No credentials cache found (ticket cache > FILE:/tmp/krb5cc_1387400001) > > -bash-4.2$ logout > -bash: /home/net/dean/.bash_logout: Permission denied > Connection to desktop2 closed. > > [dean@ipa2 <mailto:dean@ipa2> ~]$ klist > Ticket cache: DIR::/run/user/1387400001/krb5cc/tktFDDxRR > Default principal: [email protected] <mailto:[email protected]> > > Valid starting Expires Service principal > 09/11/13 19:43:28 09/12/13 19:43:28 krbtgt/[email protected] > <mailto:[email protected]> > 09/11/13 19:44:43 09/12/13 19:43:28 > host/[email protected] > <mailto:[email protected]> > > [dean@ipa2 <mailto:dean@ipa2> ~]$ > > > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users Do I get it right: you tried twice and the first time it did not work while the second it did? There might be a race condition mounting your home directory using your ticket.
-- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
