klist on empty environment fails to find a forwarded kerberos ticket

Solution Unverified - Updated -

Issue

With a forwarded Kerberos ticket, the ticket cache is set to:

Ticket cache: FILE:/tmp/krb5cc_<uid>_xxxxxxxxxx

and the environment variable KRB5CCNAME is set:

KRB5CCNAME=FILE:/tmp/krb5cc_<uid>_xxxxxxxxxx

klist can only find the forwarded Kerberos ticket when the environment variable is set. If the environment is empty, klist fails to find the Kerberos ticket:

-bash-4.1$ /usr/bin/strace /usr/bin/klist -5s 2>&1 | /bin/grep krb5cc
open("/tmp/krb5cc_23639_biNUBT5532", O_RDONLY) = 3
-bash-4.1$

-bash-4.1$ /bin/env -i /usr/bin/strace /usr/bin/klist -5s 2>&1 | /bin/grep krb5cc
open("/tmp/krb5cc_23639", O_RDONLY)     = -1 ENOENT (No such file or directory)
-bash-4.1$ 

The result of this is that svn fails on check-ins when you have a forwarded ticket. There are probably other things that are broken, but that's the one that got me started looking at this issue.

So, if the environment variable KRB5CCNAME is set, things are O.K. because you look for a ticket in the correct ticket cache location.
If it is not set, like when you start a command with an empty environment, klist fails to find your ticket because it looks in the wrong ticket cache file.

svn strips the environment, so when you have a forwarded Kerberos ticket it fails to find it.
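
The lookup described above can be checked from a hook or wrapper before a Kerberos client is called. The following shell sketch is an added example, not part of the original article or of any Red Hat tool; the function names and the tmp-directory argument are assumptions, and it handles only FILE: caches as seen in the strace output.

```shell
#!/bin/sh
# Added diagnostic sketch. resolve_ccache and check_ccache are hypothetical names.

# Print the cache file a client would open: the KRB5CCNAME value if it is
# set, otherwise the per-uid default seen in the strace output
# (<tmpdir>/krb5cc_<uid>). $1 = KRB5CCNAME value (may be empty), $2 = uid,
# $3 = tmp directory (defaults to /tmp; a parameter so it can be tested).
resolve_ccache() {
    rc_name="$1"
    rc_uid="$2"
    rc_tmp="${3:-/tmp}"
    if [ -n "$rc_name" ]; then
        # Strip the FILE: type prefix; other cache types are printed unchanged.
        printf '%s\n' "${rc_name#FILE:}"
    else
        printf '%s\n' "$rc_tmp/krb5cc_$rc_uid"
    fi
}

# Report whether a process started with the given KRB5CCNAME would find a
# readable cache. Returns 0 if found. Returns 1 if missing, and then lists
# forwarded caches (krb5cc_<uid>_*) that exist but would not be looked at.
check_ccache() {
    cc_tmp="${3:-/tmp}"
    cc_path=$(resolve_ccache "$1" "$2" "$cc_tmp")
    if [ -r "$cc_path" ]; then
        echo "OK $cc_path"
        return 0
    fi
    echo "MISSING $cc_path"
    for cc_f in "$cc_tmp/krb5cc_$2"_*; do
        if [ -e "$cc_f" ]; then
            echo "CANDIDATE $cc_f"
        fi
    done
    return 1
}

# Compare the current environment with a stripped one (as under env -i).
check_ccache "${KRB5CCNAME:-}" "$(id -u)" /tmp || true
check_ccache "" "$(id -u)" /tmp || true
```

A MISSING line followed by a CANDIDATE line is the situation in the strace output above: the forwarded cache exists, but the stripped environment points the lookup at the default file name.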

Same on RHEL 5:

-bash-3.2$ /usr/bin/strace /usr/kerberos/bin/klist -5s 2>&1 | /bin/grep krb5cc
open("/tmp/krb5cc_23639_stOuB11073", O_RDONLY) = 3
-bash-3.2$ /bin/env -i /usr/bin/strace /usr/kerberos/bin/klist -5s 2>&1 | /bin/grep krb5cc
open("/tmp/krb5cc_23639", O_RDONLY)     = -1 ENOENT (No such file or directory)
-bash-3.2$

Environment

  • Red Hat Enterprise Linux 5/6
  • ssh (using gssapi)
  • svn (with pre/post hooks)
