While working on something else recently, I got a hunch for what might have been happening here. I had configured syncrepl on this server to use GSSAPI (saslmech=GSSAPI) to authenticate to its provider server. In this role, slapd ignores the keytab file and behaves like an ordinary GSSAPI client. It just calls whatever GSSAPI functions provided by the available library. I'm guessing that library consulted /run/.heim_org.h5l.kcm-socket as one of the places to check for cached credentials.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1472639 Title: apparmor profile denied for kerberos: /run/.heim_org.h5l.kcm-socket To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1472639/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
