When I log in as user1 and then try to ksu to user2, the cache is owned by 
user1! user2 has no access at all, not even read access! The cache file is not 
in the normal form /tmp/krb5cc_uid; instead it is /tmp/krb5cc_uid.1 (an integer 
is appended).

I'm using NFS4 & Kerberos and both are working fine when I log in or SSH but not 
when I ksu. I checked the log and here is what I found:
Jan  6 09:36:00 ia714204 rpc.gssd[4968]: doing error downcall
Jan  6 09:36:00 ia714204 rpc.gssd[4968]: handling krb5 upcall
Jan  6 09:36:00 ia714204 rpc.gssd[4968]: getting credentials for client with uid 1002 for server [EMAIL PROTECTED]
Jan  6 09:36:00 ia714204 rpc.gssd[4968]: using FILE:/tmp/krb5cc_1002 as credentials cache for client with uid 1002 for server [EMAIL PROTECTED]
Jan  6 09:36:00 ia714204 rpc.gssd[4968]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_1002
Jan  6 09:36:00 ia714204 rpc.gssd[4968]: creating context using fsuid 1002 (save_uid 0)
Jan  6 09:36:00 ia714204 rpc.gssd[4968]: ERROR: GSS-API: error in gss_acquire_cred(): Miscellaneous failure - Unknown code krb5 195
Jan  6 09:36:00 ia714204 rpc.gssd[4968]: WARNING: Failed while limiting krb5 encryption types for user with uid 1002
Jan  6 09:36:00 ia714204 rpc.gssd[4968]: WARNING: Failed to create krb5 context for user with uid 1002 for server [EMAIL PROTECTED]

Kerberos 195 means no credential cache found; I could not find any 
/tmp/krb5cc_1002 but I found /tmp/krb5cc_1002.1, which is not readable by uid 1002.
I need ksu to get a TGT for the target user and place it in the target user's 
cache. Is this possible?



________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
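
The mismatch described in the post above can be checked mechanically. The following is an added example, not part of the original post and not rpc.gssd or ksu code: it pulls the cache path and uid out of the rpc.gssd log line, then reports whether that file exists and who owns it and any suffixed siblings such as krb5cc_1002.1. The function names and finding labels are hypothetical; the sample line is the one from the post with its wrapped line rejoined.

```python
import os
import re
import stat

# Sample line taken from the post above (constructed by rejoining the wrapped line).
SAMPLE_LOG = (
    "Jan  6 09:36:00 ia714204 rpc.gssd[4968]: using FILE:/tmp/krb5cc_1002 as "
    "credentials cache for client with uid 1002 for server [EMAIL PROTECTED]\n"
)

CCACHE_RE = re.compile(
    r"using FILE:(\S+) as credentials cache for client with uid (\d+)"
)


def expected_caches(log_text):
    """Return {uid: path} for every cache rpc.gssd logged that it selected."""
    return {int(uid): path for path, uid in CCACHE_RE.findall(log_text)}


def audit_ccache(path, uid):
    """List (finding, file) pairs for the selected cache and its siblings."""
    directory, name = os.path.split(path)
    findings = []
    if not os.path.exists(path):
        findings.append(("missing", path))
    if not os.path.isdir(directory):
        return findings
    for entry in sorted(os.listdir(directory)):
        # Only the expected name and suffixed variants like krb5cc_1002.1
        if entry != name and not entry.startswith(name + "."):
            continue
        full = os.path.join(directory, entry)
        st = os.lstat(full)  # lstat: do not follow symlinks in a shared /tmp
        if not stat.S_ISREG(st.st_mode):
            findings.append(("not-regular-file", full))
        elif st.st_uid != uid:
            findings.append(("wrong-owner", full))
        elif not st.st_mode & stat.S_IRUSR:
            findings.append(("owner-cannot-read", full))
        else:
            findings.append(("owner-ok", full))
    return findings


if __name__ == "__main__":
    for uid, path in expected_caches(SAMPLE_LOG).items():
        print(uid, path, audit_ccache(path, uid))
```

A result of `missing` for the selected path together with `wrong-owner` on a suffixed sibling is the situation the log and directory listing in the post describe.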
