IPA authentication fails when "/tmp" permission is not 777
Issue
- IPA user authentication fails when the permissions on /tmp are modified.
- The following errors are logged in krb5_child.log:
(Mon Jan 29 21:02:03 2018) [[sssd[krb5_child[14011]]]] [sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal user@EXAMPLE in cache collection]
(Mon Jan 29 21:02:03 2018) [[sssd[krb5_child[14011]]]] [sss_unique_file_ex] (0x0040): mkstemp("/tmp/krb5cc_1704400064_i6gKQa") failed [13]: Permission denied!
(Mon Jan 29 21:02:03 2018) [[sssd[krb5_child[14011]]]] [handle_randomized] (0x0020): mkstemp("/tmp/krb5cc_1704400064_i6gKQa") failed [13]: Permission denied!
(Mon Jan 29 21:02:03 2018) [[sssd[krb5_child[14011]]]] [create_ccache] (0x0020): handle_randomized failed: 13
(Mon Jan 29 21:02:03 2018) [[sssd[krb5_child[14011]]]] [map_krb5_error] (0x0020): 1301: [13][Permission denied]
(Mon Jan 29 21:02:03 2018) [[sssd[krb5_child[14011]]]] [k5c_send_data] (0x0200): Received error code 1432158209
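A triage sketch for the log lines above, added here as an example and not part of the original article or of SSSD: it extracts the directory, UID and errno from failed `mkstemp()` calls on `krb5cc_*` files and checks that directory's mode. The function names and the embedded sample are constructed for illustration; the check assumes the conventional mode for a shared `/tmp`, 1777 (world-writable with the sticky bit).

```python
import os
import re
import stat

# Constructed sample: two lines in the shape of the krb5_child.log excerpt above.
SAMPLE_LOG = '''\
(Mon Jan 29 21:02:03 2018) [[sssd[krb5_child[14011]]]] [sss_unique_file_ex] (0x0040): mkstemp("/tmp/krb5cc_1704400064_i6gKQa") failed [13]: Permission denied!
(Mon Jan 29 21:02:03 2018) [[sssd[krb5_child[14011]]]] [create_ccache] (0x0020): handle_randomized failed: 13
'''

# Matches a failed mkstemp() on a krb5cc_<uid>_<random> credential cache file.
MKSTEMP_RE = re.compile(
    r'mkstemp\("(?P<dir>/[^"]*?)/krb5cc_(?P<uid>\d+)_[^"/]+"\) '
    r'failed \[(?P<errno>\d+)\]')


def find_ccache_failures(log_text):
    """Return sorted unique (directory, uid, errno) for failed ccache creation."""
    hits = {(m["dir"], int(m["uid"]), int(m["errno"]))
            for m in MKSTEMP_RE.finditer(log_text)}
    return sorted(hits)


def mode_problems(st_mode):
    """List why a directory with this st_mode is unsuitable for shared ccache files."""
    if not stat.S_ISDIR(st_mode):
        return ["not a directory"]
    problems = []
    perms = stat.S_IMODE(st_mode)
    if perms & 0o003 != 0o003:
        problems.append("other users cannot create files")
    if not perms & stat.S_ISVTX:
        # Without the sticky bit, users can delete each other's cache files.
        problems.append("sticky bit not set")
    return problems


if __name__ == "__main__":
    for directory, uid, err in find_ccache_failures(SAMPLE_LOG):
        print(f"uid {uid}: mkstemp in {directory} failed: {os.strerror(err)}")
        try:
            mode = os.stat(directory).st_mode
        except OSError as exc:
            print(f"  cannot stat {directory}: {exc}")
            continue
        print(f"  mode {stat.S_IMODE(mode):04o}:", mode_problems(mode) or "ok")
```
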
Environment
- Red Hat Enterprise Linux Server release.
