On Mon, Jun 13, 2011 at 05:36:07PM -0400, Norman Elton wrote: > Based on IRC conversations with sgallagh, we determined that my > ignorance led to /etc/pam.d/system-auth being correctly configured, > but /etc/pam.d/password-auth left as the defaults. This was causing > issues with sssd renewing the incorrect kerb credential cache. > > After fixing my password-auth file, I'm still having issues with > automatic ticket renewal. It seems that, now, the sssd cache database > is not seeing my kerb credential cache. the ccacheFile is missing, > even after I log in successfully with kerb. My KRB5CCNAME environment > variable is set and matches the cache shown in klist.
This sounds like pam_krb5 is still called somewhere in your pam stack and doing authentication instead of sssd. Can you check the application specific pam config files like /etc/pam.d/sshd and the genric files /etc/pam.d/system-auth and /etc/pam.d/password-auth if pam_krb5 is listen in any of theses ? HTH bye, Sumit > > What would cause sssd to not recognize the cache name? selinux is in > permissive mode, I tried blowing away my sssd config (deleted all the > ldb databases) and reconfiguring everything from scratch with > authconfig. I'm not convinced something is leftover from a previous > bad config, but am not sure where else to look. > > Thanks for all the help, > > Norman > _______________________________________________ > sssd-devel mailing list > [email protected] > https://fedorahosted.org/mailman/listinfo/sssd-devel _______________________________________________ sssd-devel mailing list [email protected] https://fedorahosted.org/mailman/listinfo/sssd-devel
