Description of problem:
I see bug #961235 with a description of the root cause. What is the work-around for use with IPA? I can not ssh to this virtual machine as it is in the default network and isolated. I must use a console login then "su -".

Version-Release number of selected component (if applicable):
freeipa-server-3.2.1-1.fc19.x86_64

How reproducible:
Consistent

Steps to Reproduce:
1. Build a new Fedora 19 VM with the updates-testing repository disabled
2. Login through console
3. su -
4. yum install --assumeyes bind bind-dyndb-ldap freeipa-server
5. ipa-server-install ....
6. kinit admin

Actual results:
kinit: Credential cache directory /run/user/0/krb5cc does not exist while getting default ccache

Expected results:
Successful kerberos login

Additional info:

Hello Dean, this really is not a FreeIPA bug, so I plan to close it as a duplicate of Bug 961235. But speaking of a workaround, I think you can, for example, update your ~/.bashrc or alternative and override the system KRB5CCNAME to make it point to some directory that indeed exists, e.g.:

    export KRB5CCNAME=/tmp/krb5cc_$(id -u)

Note this workaround is only temporary and will prevent you from using the benefits coming from http://fedoraproject.org/wiki/Features/KRB5CacheMove. A real solution needs to come from the aforementioned Bug 961235.

Yes, I know it is not a FreeIPA bug, but I need to know how y'all work-around it, whether there are particular requirements for IPA or who knows what. The wiki article says that the KRB5 Cache Move feature is complete. This seems to be confirmed by the behavior I experienced, except they did not cover the su/sudo use cases which is what bug #961235 seems to be about. Since you seem to be speaking somewhat tentatively, I am guessing that you have not personally experienced this problem?
I am not sure how others work around it; you can write to the freeipa-devel mailing list, where you may get answers or hints from more developers than just me. But the temporary workaround I proposed above should work until bug #961235 is fixed. Closing this Bugzilla as a duplicate of Bug 961235.

*** This bug has been marked as a duplicate of bug 961235 ***

This seems to work:

    if [ ! -d /run/user/0/krb5cc ]    # RedHat bug 977972
    then                              # RedHat bug 977972
        mkdir -p /run/user/0/krb5cc   # RedHat bug 977972
        chmod -R 700 /run/user/0      # RedHat bug 977972
    fi                                # RedHat bug 977972
    kinit admin ....
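
A stricter form of the two workarounds in this thread, as an added example that is not from any commenter or from FreeIPA: it creates the missing cache directory privately and refuses one that is a symlink, owned by another user, or open to group/other. It assumes GNU coreutils `stat`; the helper names `ccache_dir_ok` and `ccache_value` are hypothetical.

```shell
#!/bin/bash
# Added example. Assumes GNU coreutils stat (as shipped on Fedora).
# ccache_dir_ok and ccache_value are hypothetical helper names.

# Succeed only if $1 is a real directory (not a symlink), owned by the
# current user, with no group/other permission bits.
ccache_dir_ok() {
    dir=$1
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    owner=$(stat -c %u -- "$dir") || return 1
    mode=$(stat -c %a -- "$dir") || return 1
    [ "$owner" = "$(id -u)" ] || return 1
    case $mode in
        *00) return 0 ;;   # e.g. 700: nothing for group or other
        *)   return 1 ;;
    esac
}

# Create $1 privately if it is missing, verify it, and print the matching
# KRB5CCNAME value. An existing directory that fails the check is refused
# rather than chmod'ed, since someone else may have created it.
ccache_value() {
    dir=$1
    if [ ! -e "$dir" ] && [ ! -L "$dir" ]; then
        (umask 077 && mkdir -p -- "$dir") || return 1
    fi
    ccache_dir_ok "$dir" || return 1
    printf 'DIR:%s\n' "$dir"
}

# Usage (not run here):
#   KRB5CCNAME=$(ccache_value "/run/user/$(id -u)/krb5cc") && export KRB5CCNAME
#   kinit admin
```

The ownership and symlink checks matter most for a cache placed under a shared directory such as /tmp, where another local user can create the path first.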