Date: Tue, 01 May 2012 13:40:27 -0400
From: Rob Crittenden <rcritten@redhat.com>
To: krb5-bugs@mit.edu
Subject: [BUG] poor error message when /tmp is not writable

A user had accidentally deleted and re-created /tmp but had not restored
SELinux permission. So while it was mode 1777 it lacked the SELinux
context so was not writable.

The error from Kerberos when trying to obtain a ticket in mod_auth_kerb is:

[Tue May 01 09:22:07 2012] [error] [client 10.16.186.52] gss_acquire_cred()
failed: Unspecified GSS failure. Minor code may provide more
information (, )

I have no insight into why the failure is unspecified but it would be
helpful to include more information, even if just the ccache location
being used.

rob

Can you identify the specific mod_auth_krb5 source code in use in this
scenario?

The GSSAPI library is capable of generating more specific error messages
based on the minor code, if the calling application does the right thing.
The version of mod_auth_krb5 I looked at ought to generate a message based
on the minor code... but it also shouldn't have needed to read from or
write to a ccache when calling that function. So I'm probably looking at
the wrong code.
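
The condition in the original report (a /tmp that shows mode 1777 but still rejects writes) can be checked directly, independent of Kerberos. The script below is an added example, not part of the thread or of any project mentioned in it; the function name `check_ccache_dir` and its return codes are made up for illustration, and it assumes GNU `stat` and `mktemp`.

```shell
#!/bin/sh
# Added example: preflight check for a credential-cache directory.
# Usage: check_ccache_dir /tmp
# Return codes (hypothetical, chosen for this example):
#   0 = usable, 1 = missing, 2 = mode is not 1777,
#   3 = mode is 1777 but creating a file still fails.
check_ccache_dir() {
    dir=$1

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist or is not a directory" >&2
        return 1
    fi

    # GNU stat prints the octal mode, e.g. 1777 for a sticky,
    # world-writable directory.
    mode=$(stat -c '%a' "$dir" 2>/dev/null) || mode=unknown
    if [ "$mode" != "1777" ]; then
        echo "FAIL: $dir has mode $mode, expected 1777" >&2
        return 2
    fi

    # Mode bits do not prove writability: an SELinux denial or a
    # read-only mount only shows up when a file is actually created.
    probe=$(mktemp "$dir/ccache_probe.XXXXXX" 2>/dev/null) || probe=
    if [ -z "$probe" ]; then
        echo "FAIL: $dir is mode 1777 but a test file could not be created" >&2
        # %C is the SELinux context in GNU stat; skipped if unsupported.
        ctx=$(stat -c '%C' "$dir" 2>/dev/null) &&
            echo "      SELinux context: $ctx" >&2
        return 3
    fi

    rm -f "$probe"
    echo "OK: $dir is mode 1777 and writable"
    return 0
}
```

Run it as the same user and in the same SELinux domain as the failing service; an unconfined root shell can succeed where the web server process is denied.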