Hi,
I setup Kerberos and OpenLDAP successfully. I installed NFS4 and it is protected by Kerberos. Everything works fine at login, however; it fails when I ksu. If I login as user2 (1002) and then try to ksu user1 (1001), I get permission denied when I try to ls my home directory. I tried the option -Z but it gave me: Permission Denied user1 has no permission to access /tmp/krb5xxxxxxxx Here is the log: gssd.rpc -vvvv > > Jan 10 10:02:48 machine1 rpc.gssd[19083]: handling krb5 upcall > > Jan 10 10:02:48 machine1 rpc.gssd[19083]: getting credentials for client > > with uid 1001 for server nfs-server-machine > > Jan 10 10:02:48 machine1 rpc.gssd[19083]: CC file 'krb5cc_1001.1' being > > considered > > Jan 10 10:02:48 machine1 rpc.gssd[19083]: CC file 'krb5cc_1002_cfxLz28926' > > being considered > > Jan 10 10:02:48 machine1 rpc.gssd[19083]: CC file 'krb5cc_machine_REALM' > > being considered > > Jan 10 10:02:48 machine1 rpc.gssd[19083]: using FILE:/tmp/krb5cc_1001 as > > credentials cache for client with uid 1001 for server nfs-server-machine > > Jan 10 10:02:48 machine1 rpc.gssd[19083]: using environment variable to > > select krb5 ccache FILE:/tmp/krb5cc_1001 > > Jan 10 10:02:48 machine1 rpc.gssd[19083]: creating context using fsuid 1001 > > (save_uid 0) > > Jan 10 10:02:48 machine1 rpc.gssd[19083]: ERROR: GSS-API: error in > > gss_acquire_cre d(): Miscellaneous failure - Unknown code krb5 195 > > Jan 10 10:02:48 machine1 rpc.gssd[19083]: WARNING: Failed while limiting > > krb5 encryption types for user with uid 1001 > > Jan 10 10:02:48 machine1 rpc.gssd[19083]: WARNING: Failed to create krb5 > > context for user with uid 1001 for server nfs-server-machine > > Jan 10 10:02:48 machine1 rpc.gssd[19083]: doing error downcall Platform: Debian 4 Any help? Thank you Amir _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
