IPA authentication fails when "/tmp" permission is not 777


Issue

  • IPA user authentication fails when the permissions on /tmp are modified.
  • The following errors are logged in krb5_child.log:
(Mon Jan 29 21:02:03 2018) [[sssd[krb5_child[14011]]]] [sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal user@EXAMPLE in cache collection]
(Mon Jan 29 21:02:03 2018) [[sssd[krb5_child[14011]]]] [sss_unique_file_ex] (0x0040): mkstemp("/tmp/krb5cc_1704400064_i6gKQa") failed [13]: Permission denied!
(Mon Jan 29 21:02:03 2018) [[sssd[krb5_child[14011]]]] [handle_randomized] (0x0020): mkstemp("/tmp/krb5cc_1704400064_i6gKQa") failed [13]: Permission denied!
(Mon Jan 29 21:02:03 2018) [[sssd[krb5_child[14011]]]] [create_ccache] (0x0020): handle_randomized failed: 13
(Mon Jan 29 21:02:03 2018) [[sssd[krb5_child[14011]]]] [map_krb5_error] (0x0020): 1301: [13][Permission denied]
(Mon Jan 29 21:02:03 2018) [[sssd[krb5_child[14011]]]] [k5c_send_data] (0x0200): Received error code 1432158209
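
As an added example (not part of the original article and not Red Hat or SSSD code), the following Python script extracts the mkstemp failures from a krb5_child.log excerpt and reports the permission bits of the directory the credential cache was being created in. The function names are hypothetical, the sample input is copied from the excerpt above, and the UID extraction assumes the krb5cc_<uid>_<random> file name seen in these log lines.

```python
import errno
import os
import re
import stat

# Constructed sample: three lines copied from the krb5_child.log excerpt above.
SAMPLE_LOG = """\
(Mon Jan 29 21:02:03 2018) [[sssd[krb5_child[14011]]]] [sss_unique_file_ex] (0x0040): mkstemp("/tmp/krb5cc_1704400064_i6gKQa") failed [13]: Permission denied!
(Mon Jan 29 21:02:03 2018) [[sssd[krb5_child[14011]]]] [handle_randomized] (0x0020): mkstemp("/tmp/krb5cc_1704400064_i6gKQa") failed [13]: Permission denied!
(Mon Jan 29 21:02:03 2018) [[sssd[krb5_child[14011]]]] [k5c_send_data] (0x0200): Received error code 1432158209
"""

# [[sssd[krb5_child[PID]]]] [function] (level): mkstemp("PATH") failed [ERRNO]
MKSTEMP_FAIL = re.compile(
    r'\[\[sssd\[krb5_child\[(?P<pid>\d+)\]+ \[\w+\] \(0x[0-9a-fA-F]+\): '
    r'mkstemp\("(?P<path>[^"]+)"\) failed \[(?P<err>\d+)\]'
)

def find_ccache_failures(log_text):
    """Return one record per distinct (pid, path) mkstemp failure."""
    records = {}
    for line in log_text.splitlines():
        m = MKSTEMP_FAIL.search(line)
        if not m:
            continue
        path = m["path"]
        # Assumption: file name is krb5cc_<uid>_<random>, as in the excerpt.
        uid = re.match(r"krb5cc_(\d+)_", os.path.basename(path))
        # sss_unique_file_ex and handle_randomized log the same failure twice.
        records.setdefault((m["pid"], path), {
            "pid": int(m["pid"]),
            "ccache_dir": os.path.dirname(path),
            "uid": int(uid.group(1)) if uid else None,
            "errno": errno.errorcode.get(int(m["err"]), m["err"]),
        })
    return list(records.values())

def describe_mode(st_mode):
    """Summarise the bits that decide whether any user can create files here."""
    return {
        "octal": format(stat.S_IMODE(st_mode), "o"),
        "world_writable": bool(st_mode & stat.S_IWOTH and st_mode & stat.S_IXOTH),
        "sticky": bool(st_mode & stat.S_ISVTX),
    }

if __name__ == "__main__":
    for rec in find_ccache_failures(SAMPLE_LOG):
        print(rec, describe_mode(os.stat(rec["ccache_dir"]).st_mode))
```

Run on the affected client, the last line prints the current mode of the directory named in the log next to the user whose cache could not be created.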

Environment

  • Red Hat Enterprise Linux Server release.
