Red Hat Bugzilla – Bug 999604
failure in creation of credential cache for users whose principal does not belong to the default realm
Last modified: 2013-09-03 18:30:28 EDT
Created attachment 788934 [details]
Description of problem:
having kerberos V principals defined in more than one realm and using the mappings feature of pam_krb5 the users whose principal is not defined in the default realm does not get the credential cache available after login.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
configure the user kerberos V principal into two separate realms and use the pam_krb5 mapping feature to redirect the password validation to the appropriate KDC.
the user whose principal is defined into the default realm gets the credential cache available whereas the user whose principal is defined into the other realm don't.
Both the users get their credential cache available after login
when the user is not defined in the default realm, in /var/log/secure the auth phase reports
"failed to create ccache for '<USERNAME>'"
and the session phase reports
"ccache is a directory named '/run/user/0/krb5cc'" (instead of /run/user/<USER_UID>/krb5cc)
"no credentials available to store in 'DIR:/run/user/0/krb5cc'"
Created attachment 788935 [details]
Created attachment 788936 [details]
/var/log/secure extract for a user in the default realm
Created attachment 788937 [details]
/var/log/secure extract for a user NOT in the default realm
Can you check if one of the builds at http://koji.fedoraproject.org/koji/taskinfo?taskID=5838705 corrects this? Thanks!
Great! I'll file an update request shortly.
pam_krb5-2.4.6-1.fc19 has been submitted as an update for Fedora 19.
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing pam_krb5-2.4.6-1.fc19'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
pam_krb5-2.4.6-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.