View Issue Details

IDProjectCategoryView StatusLast Update
0007410CentOS-7krb5public2014-07-21 11:39
Reportertps800 Assigned To 
PrioritynormalSeveritymajorReproducibilityalways
Status newResolutionopen 
Product Version7.0-1406 
Summary0007410: For a client /etc/krb5.keytab isn't loaded at system startup
DescriptionFor kerberos clients /etc/krb5.keytab isn't loaded at system startup. ktutil shows an empty list until the existing keytab is loaded. With the next reboot the list is empty again until reread by "echo rkt /etc/krb5.keytab | ktutil".

If no other means or login allowed:
keylist is empty -> ksu fails
ssh to this system with a proper authenticated user from an other system -> password required
Steps To ReproduceInstall CentOS 6,7
Set up kerberos
Set up ksu
Set up ssh
Set up pam to use kerberos
Test the whole thing

Export krb5.keytab for the system. Copy it over to the system to its default location with the default name: /etc/krb5.keytab

use ktutil to import force rereading the new krb5.keytab. Make sure the keys where imported and can be listed. Check if ksu functions properly, ssh logins require no password if logging in from an already authenticated system.

Reboot.

Check with ktutil for existing keys -> list is empty again.
Additional InformationAn existing krb5.keytab holding the system keys is ignored at the default location: /etc/krb5.keytab at system bootup. The description states if the file exists at the default location it would be used to install the keys inside into the system while starting up.
TagsNo tags attached.
abrt_hash
URL

Activities

tps800

tps800

2014-07-21 11:39

reporter   ~0020488

Same bug for RHEL6,7; OL6

Two possibilities: all descriptions are wrong (all state /etc/krb5.keytab shall load at system bootup) or: something is missing installing krb5-workstation and pam_krb5.

Issue History

Date Modified Username Field Change
2014-07-21 11:34 tps800 New Issue
2014-07-21 11:39 tps800 Note Added: 0020488