Displaying 17 results from an estimated 17 matches for "krb5cc_uid".
2009 Sep 19
1
cifs.upcall not respecting krb5ccname env var?
...r/whatever /whatever -o sec=krb5i
This should mount the share using Kerberos & Packet-signing by using the
cached credentials of the user executing the command. With judicious use of
strace, it seems that cifs.upcall makes the assumption that the Kerberos
credentials will be present at /tmp/krb5cc_UID, however, this is not always
the case; the credentials may have a random element in the file name. Here's
an example output from the system:
/tmp/krb5cc_0 /tmp/krb5cc_10000_IKsPGl4129 /tmp/krb5cc_10003_SXDRDQ7677
As such, the command works fine under root, but will fail for users with
UI...
2020 Oct 02
2
Kerberos ticket lifetime
...COM
>> ??? renew until 08/10/20 15:41:17
>
> In your case, did you ssh to "centos8", or you just logged into it via
> a GUI?? When I login via the GUI, winbind renews the key. When I ssh,
> it does not.? On your destination system, the ticket cache is still
> /tmp/krb5cc_UID, and not /tmp/krb5cc_UID_<random bits>.
>
> In my case, even after I copied the /tmp/krb5cc_UID_<random bits> back
> to /tmp/krb5cc_UID, winbind also did not renew the key. sigh.
>
> Jason.
>
>
I logged in via 'ssh' and until I added pam_krb5, I didn't...
2020 Oct 02
3
Kerberos ticket lifetime
On 01/10/2020 21:46, Rowland penny via samba wrote:
> On 01/10/2020 21:23, Jason Keltz via samba wrote:
>>
>>
>> Okay - I guess the failure of kdc: lines in smb.conf is a bug.
>>
>> Let's wait and see what happens with your ticket after 10 hours.
>> Maybe there's a bug there as well.
> It will be in the middle of the night here, so I will report
2017 Aug 05
3
Printing with smbspool_krb5_wrapper not working in Ubuntu 16.04
...RB5CCNAME?
Also wondering about why I get this right after the above error: "Could not determine network interfaces, you must use a interfaces config line"
(As a side note, not sure if it is interesting, but I see in the /var/log/cups/error_log that SMBSPOOL_KRB5 sets KRB5CCNAME to /tmp/krb5cc_UID (where UID is >= 1000). In our environment the user gets /tmp/krb5cc_UID_RANDOM (where RANDOM is a random string) from Heimdal Kerberos when logging in so in 14.04 (where printing works) you have to create a symbolic link from /tmp/krb5cc_UID to /tmp/krb5cc_UID_RANDOM to have the printing work w...
2020 Oct 02
4
Kerberos ticket lifetime
...15:41:17
> >
> > In your case, did you ssh to "centos8", or you just logged
> into it via
> > a GUI?? When I login via the GUI, winbind renews the key.
> When I ssh,
> > it does not.? On your destination system, the ticket cache is still
> > /tmp/krb5cc_UID, and not /tmp/krb5cc_UID_<random bits>.
> >
> > In my case, even after I copied the /tmp/krb5cc_UID_<random
> bits> back
> > to /tmp/krb5cc_UID, winbind also did not renew the key. sigh.
> >
> > Jason.
> >
> >
> I logged in via 'ssh&...
2020 Oct 02
0
Kerberos ticket lifetime
...AMPLE.COM at SAMDOM.EXAMPLE.COM
> ??? renew until 08/10/20 15:41:17
In your case, did you ssh to "centos8", or you just logged into it via a
GUI?? When I login via the GUI, winbind renews the key. When I ssh, it
does not.? On your destination system, the ticket cache is still
/tmp/krb5cc_UID, and not /tmp/krb5cc_UID_<random bits>.
In my case, even after I copied the /tmp/krb5cc_UID_<random bits> back
to /tmp/krb5cc_UID, winbind also did not renew the key. sigh.
Jason.
2020 Oct 02
0
Kerberos ticket lifetime
...ew until 08/10/20 15:41:17
>>
>> In your case, did you ssh to "centos8", or you just logged into it
>> via a GUI?? When I login via the GUI, winbind renews the key. When I
>> ssh, it does not.? On your destination system, the ticket cache is
>> still /tmp/krb5cc_UID, and not /tmp/krb5cc_UID_<random bits>.
>>
>> In my case, even after I copied the /tmp/krb5cc_UID_<random bits>
>> back to /tmp/krb5cc_UID, winbind also did not renew the key. sigh.
>>
>> Jason.
>>
>>
> I logged in via 'ssh' and unti...
2017 Aug 05
0
Printing with smbspool_krb5_wrapper not working in Ubuntu 16.04
...ut why I get this right after the above error:
> "Could not determine network interfaces, you must use a interfaces
> config line"
>
> (As a side note, not sure if it is interesting, but I see in
> the /var/log/cups/error_log that SMBSPOOL_KRB5 sets KRB5CCNAME
> to /tmp/krb5cc_UID (where UID is >= 1000). In our environment the
> user gets /tmp/krb5cc_UID_RANDOM (where RANDOM is a random string)
> from Heimdal Kerberos when logging in so in 14.04 (where printing
> works) you have to create a symbolic link from /tmp/krb5cc_UID
> to /tmp/krb5cc_UID_RANDOM to have...
2020 Oct 02
0
Kerberos ticket lifetime
...41:17
>>> In your case, did you ssh to "centos8", or you just logged
>> into it via
>>> a GUI?? When I login via the GUI, winbind renews the key.
>> When I ssh,
>>> it does not.? On your destination system, the ticket cache is still
>>> /tmp/krb5cc_UID, and not /tmp/krb5cc_UID_<random bits>.
>>>
>>> In my case, even after I copied the /tmp/krb5cc_UID_<random
>> bits> back
>>> to /tmp/krb5cc_UID, winbind also did not renew the key. sigh.
>>>
>>> Jason.
>>>
>>>
>>...
2012 Dec 10
3
Automatically Cleaning Kerberos Credential Cache Files
I'm in a situation here at work where I'm trying to support a mixed
network of OS X and RHEL desktop machines with a Postfix/Dovecot
combination.
- user account information is stored in LDAP
- user credentials are in MIT Kerberos
- server is running RHEL 6/Dovecot 2.0.9/Postfix 2.6.6
I am currently using the PAM passdb module to authenticate my users (I
began to have trouble
2020 Sep 15
4
smbclient ignores configured kerberos ccache when using krb5-user on ubuntu/debian
Hello all.
I'm encountering an issue where smbclient seemingly ignores the kerberos
ccache as configured in krb5.conf when using "krb5-user" as the kerberos
package and will instead always default to using "FILE:/tmp/krb5cc_uid".
I tested each valid default ccache name type but smbclient completely
ignores whatever is set as the "default_ccache_name" in the conf file. I
went on to test "heimdal-clients" as the kerberos package and smbclient
appears to be using the ccache that is configured in the...
2017 Aug 05
2
Printing with smbspool_krb5_wrapper not working in Ubuntu 16.04
Rowland Penny wrote:
> On Sat, 5 Aug 2017 15:29:54 +0200
> Van Svensson via samba <samba at lists.samba.org> wrote:
>
> > Rowland Penny wrote:
> >
> > > On Sat, 5 Aug 2017 14:44:34 +0200
> > > Van Svensson via samba <samba at lists.samba.org> wrote:
> > >
> > > > Rowland Penny wrote:
> > > >
> > >
2019 Feb 15
0
winbind offline logon
...dential cache can be controlled with this option. The supported values are: KEYRING (when supported by the system's Kerberos library and Kernel), FILE and DIR (when the DIR type is
supported by the system's Kerberos library). In case of FILE a credential cache in the form of /tmp/krb5cc_UID will be created - in case of DIR you NEED to specify a directory. UID is
replaced with the numeric user id.
When using the KEYRING type, the supported mechanism is “KEYRING:persistent:UID”, which uses the Linux kernel keyring to store credentials on a per-UID basis. This is t...
2017 Mar 22
5
kerberized-nfs - any experts out there?
...mance issue, as I see 100s
of ticket requests within the same second when someone tries to launch
a lot of jobs. Many of these will fail with "permission denied" but
if they immediately re-try, it works. Related to this, I have been
unable to figure out what creates and deletes the
/tmp/krb5cc_uid_random files.
(3) Kerberized NFS shares getting "stuck" for one or more users.
We have another monitoring app (in-house developed) that, among other
things, makes periodic checks of these NFS mounts. It does so by
forking and doing a simple "ls" command. This is to ensure...
2020 Sep 16
0
smbclient ignores configured kerberos ccache when using krb5-user on ubuntu/debian
...> Hello all.
> >
> > I'm encountering an issue where smbclient seemingly ignores
> the kerberos
> > ccache as configured in krb5.conf when using "krb5-user" as
> the kerberos
> > package and will instead always default to using
> "FILE:/tmp/krb5cc_uid".
> > I tested each valid default ccache name type but smbclient
> completely
> > ignores whatever is set as the "default_ccache_name" in the
> conf file. I
> > went on to test "heimdal-clients" as the kerberos package
> and smbclient
> >...
2019 Feb 14
6
winbind offline logon
Hi all, I have a problem in libpam-winbind: offline logon doesn't seems
to work. The first version of samba in which I have found the problem is
4.1 and the last is 4.7 but I fear that newer version are affected too.
Hopefully there is a workaround: you have to remove
krb5_ccache_type=FILE from /etc/pam.d/common-auth
I have opened a bug report[¹] where you can find more details.
Any one
2020 Apr 01
0
Missing domain user tickets with winbind
...it can store the retrieved
> Ticket Granting Ticket (TGT) in a credential cache. The type
> of credential cache can be set with this option. Currently
> the only supported value is: FILE. In that case a credential
> cache in the form of /tmp/krb5cc_UID will be created, where
> UID is replaced with the numeric user id. Leave empty to just
> do kerberos authentication without having a
> ticket cache after the logon has succeeded.
>
>
> >
> > The mount only works when I use kinit to populat...