|
|
| Reporter | tps800 | Assigned To | | |
|---|
| Priority | normal | Severity | major | Reproducibility | always |
|---|
| Status | new | Resolution | open | |
|---|
| Product Version | 7.0-1406 | |
|---|
|
|
| Summary | 0007410: For a client /etc/krb5.keytab isn't loaded at system startup |
|---|
| Description | For kerberos clients /etc/krb5.keytab isn't loaded at system startup. ktutil shows an empty list until the existing keytab is loaded. With the next reboot the list is empty again until reread by "echo rkt /etc/krb5.keytab | ktutil".
If no other means or login allowed:
keylist is empty -> ksu fails
ssh to this system with a proper authenticated user from an other system -> password required |
|---|
| Steps To Reproduce | Install CentOS 6,7
Set up kerberos
Set up ksu
Set up ssh
Set up pam to use kerberos
Test the whole thing
Export krb5.keytab for the system. Copy it over to the system to its default location with the default name: /etc/krb5.keytab
use ktutil to import force rereading the new krb5.keytab. Make sure the keys where imported and can be listed. Check if ksu functions properly, ssh logins require no password if logging in from an already authenticated system.
Reboot.
Check with ktutil for existing keys -> list is empty again.
|
|---|
| Additional Information | An existing krb5.keytab holding the system keys is ignored at the default location: /etc/krb5.keytab at system bootup. The description states if the file exists at the default location it would be used to install the keys inside into the system while starting up. |
|---|
| Tags | No tags attached. |
|---|
|
|
| abrt_hash | |
|---|
| URL | |
|---|
|
|
