On 09/11/2013 08:49 PM, Dean Hunter wrote:
> On Wed, 2013-09-11 at 11:49 -0400, Simo Sorce wrote:
>> On Wed, 2013-09-11 at 10:39 -0500, Dean Hunter wrote:
>> > On Wed, 2013-09-11 at 11:20 -0400, Simo Sorce wrote: 
>> > > On Wed, 2013-09-11 at 08:39 -0500, Dean Hunter wrote:
>> > > 
>> > > > I do NOT believe this:
>> > > >         [dean@ipa2 ~]$ ssh dean@desktop2
>> > > >         Last login: Wed Sep 11 08:32:21 2013 from ipa2.hunter.org
>> > > >         Could not chdir to home directory /home/net/dean: Permission
>> > > >         denied
>> > > >         -bash: /home/net/dean/.bash_profile: Permission denied
>> > > >         
>> > > >         -bash-4.2$ logout
>> > > >         -bash: /home/net/dean/.bash_logout: Permission denied
>> > > >         Connection to desktop2 closed.
>> > > >         
>> > > >         [dean@ipa2 ~]$ su -
>> > > >         Password: 
>> > > >         
>> > > >         [root@ipa2 ~]# ssh dean@desktop2
>> > > >         dean@desktop2's password: 
>> > > >         Last login: Wed Sep 11 08:34:29 2013 from ipa2.hunter.org
>> > > >         
>> > > >         [dean@desktop2 ~]$ logout
>> > > >         Connection to desktop2 closed.
>> > > >         
>> > > >         [root@ipa2 ~]# logout
>> > > >         
>> > > >         [dean@ipa2 ~]$ ssh dean@desktop2
>> > > >         Last login: Wed Sep 11 08:35:16 2013 from ipa2.hunter.org
>> > > >         
>> > > >         [dean@desktop2 ~]$ 
>> > > > 
>> > > 
>> > > Are you using a kerberized NFS mount ?
>> > > 
>> > > I think what is happening is that when going via SSH rpc.gssd cannot
>> > > find your ticket, ssh may be doing something "wrong" in this case.
>> > > 
>> > > Simo.
>> > > 
>> > Yes, I am using Kerberos with NFS.
>> > 
>> > Should I report this as a bug?
>> > 
>> We need to decide what component is faulty. It may be possible we can
>> get it working somehow.
>>
>> When you ssh in what is the ccache ssh assign you ?
>> can you run klist and post the output (sanitize it if needed) ?
>>
>> Simo.
>>
> I hope this is what you requested:
>
>     [dean@ipa2 <mailto:dean@ipa2> ~]$ klist
>     Ticket cache: DIR::/run/user/1387400001/krb5cc/tktFDDxRR
>     Default principal: d...@hunter.org <mailto:d...@hunter.org>
>
>     Valid starting     Expires            Service principal
>     09/11/13 19:43:28  09/12/13 19:43:28  krbtgt/hunter....@hunter.org
>     <mailto:hunter....@hunter.org>
>
>     [dean@ipa2 <mailto:dean@ipa2> ~]$ ssh dean@desktop2
>     <mailto:dean@desktop2>
>     Last login: Wed Sep 11 19:41:48 2013 from ipa2.hunter.org
>     Could not chdir to home directory /home/net/dean: Permission denied
>     -bash: /home/net/dean/.bash_profile: Permission denied
>
>     -bash-4.2$ hostname
>     desktop2.hunter.org
>
>     -bash-4.2$ klist
>     klist: No credentials cache found (ticket cache
>     FILE:/tmp/krb5cc_1387400001)
>
>     -bash-4.2$ logout
>     -bash: /home/net/dean/.bash_logout: Permission denied
>     Connection to desktop2 closed.
>
>     [dean@ipa2 <mailto:dean@ipa2> ~]$ klist
>     Ticket cache: DIR::/run/user/1387400001/krb5cc/tktFDDxRR
>     Default principal: d...@hunter.org <mailto:d...@hunter.org>
>
>     Valid starting     Expires            Service principal
>     09/11/13 19:43:28  09/12/13 19:43:28  krbtgt/hunter....@hunter.org
>     <mailto:hunter....@hunter.org>
>     09/11/13 19:44:43  09/12/13 19:43:28 
>     host/desktop2.hunter....@hunter.org
>     <mailto:desktop2.hunter....@hunter.org>
>
>     [dean@ipa2 <mailto:dean@ipa2> ~]$
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
Do I get it right: you tried twice and the first time it did not work
while the second it did?
There might be a race condition mounting your home directory using your
ticket.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to