Oh my. Thanks for the report, let me know if a rebuild fixes the issue. If so we can get an official reissued package put together. Pat On 03/29/2017 06:20 PM, Orion Poplawski wrote: > I'm still seeing the gssproxy issue mentioned in this bug: > > https://bugzilla.redhat.com/show_bug.cgi?id=1414302 > > where gssproxy doesn't look in /var/lib/gssproxy/clients/%UID.keytab for a > valid keytab for non-root users. > > Bad strace (SL7.3) looks like: > > [pid 4528] close(15) = 0 > [pid 4528] gettimeofday({1490828550, 957971}, NULL) = 0 > [pid 4528] geteuid() = 0 > [pid 4528] open("/var/lib/gssproxy/clients/krb5cc_48", O_RDONLY|O_CLOEXEC) = > -1 ENOENT (No such file or directory) > [pid 4528] open("/var/kerberos/krb5/user/0/client.keytab", O_RDONLY) = -1 > ENOENT (No such file or directory) > [pid 4528] writev(2, [{"gssproxy[4524]: (OID: { 1 2 840 113554 1 2 2 }) > Unspecified GSS failure. Minor code may provide more information, No > credentials cache found\n", 142}], 1) = 142 > > i.e. looks first for active credential cache for the userid (48 in this case), > but then a keytab for uid 0 and in the default kerberos location, not in the > location specified in /etc/gssproxy/gssproxy.conf. > > Good strace (RHEL7.3) looks like: > > [pid 537] close(15) = 0 > [pid 537] gettimeofday({1490822814, 63838}, NULL) = 0 > [pid 537] open("/var/lib/gssproxy/clients/krb5cc_14", O_RDONLY|O_CLOEXEC) = > -1 ENOENT (No such file or directory) > [pid 537] open("/var/lib/gssproxy/clients/14.keytab", O_RDONLY) = -1 ENOENT > (No such file or directory) > > I didn't set up a keytab in this case, but you see that it looked for the > correct file - and didn't call geteuid(). > > I'm not sure what's going on here. Perhaps there was a build ordering issue > with the SL7.3 package builds. I'm going to try rebuilding the SL7.3 packages > and see if that helps. Just a heads up for now before I leave for the day. > >