On 02-02-17 17:32, Jakub Hrozek wrote: > On Thu, Feb 02, 2017 at 05:19:07PM +0100, Kees Bakker wrote: >> Hi >> >> Sorry, I did search wherever I could but I couldn't find it. >> How do I enable krb5_child debug log? I'm on an Ubuntu >> system which by default writes an empty /var/log/krb5_child.log >> >> Is it a section in /etc/sssd/sssd.conf? Is it in /etc/krb5.conf? What >> do I have to add where to get logging in krb5_child.log? > add debug_level= to the [domain] section.
OK. I've done that before with 0x3ff0 , but this time I used level 6 (which I read somewhere as being the old method). And now I see output in krb5_child.log Thanks What's weird though. On another system I'm doing the exactly same. Nothing is logged in krb5_child.log. > >> BTW. I'm trying to debug a problem that results in >> "Invalid UID in persistent keyring" >> The weird thing is, if I become root (via another ssh login) and >> then do a "su - user" (the same user with the error), the problem >> does not show up. Meanwhile that user keeps getting the above >> error (for klist kdestroy, klist). > su as root gets automatically authenticated by the pam_rootok.so > module.. > Hmm. I'm not sure if you understood what I was doing: The "root" way $ ssh [email protected] # su - someuser $ klist someuser klist: Credentials cache keyring 'persistent:1013:1013' not found $ kinit someuser Password for [email protected]: The latter seems to be working (I can't finish because I don't have that password). Then, at the very same time user "someuser", on his own login, gets this: $ klist klist: Invalid UID in persistent keyring name while getting default ccache One more thing I should mention. It may be of influence. The "someuser" is a local user in /etc/passwd, _and_ it is a user in IPA, with different uid's. Could that trigger the error? -- Kees -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
