On 3/2/2021 4:48 PM, Simo Sorce wrote:
On Tue, 2021-03-02 at 15:46 -0500, Jason Keltz wrote:
> Hi.
>
> I'm running gssproxy on many hosts with CentOS 7.9. gssproxy is
> constantly generating this error in syslog for every host, repeatedly:
>
> Mar 02 15:41:53 sel01 gssproxy[977]: (OID: { 1 2 840 113554 1 2 2 })
> Unspecified GSS failure. Minor code may provide more information, No
> creden...che found
> Mar 02 15:41:53 sel01 gssproxy[881]: gssproxy[977]: (OID: { 1 2 840
> 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more
> informa...che found
> M
>
> Looking in more detail, it's constantly trying to open
> /var/lib/gssproxy/clients/krb5cc_42. UID 42 is gdm. It's a local user
> not in Kerberos. When I strace the gdm process, I don't see it
> constantly trying to access any particular share that would require
> Kerberos. I want gssproxy to completely ignore gdm altogether. How
> would I go about doing this?

So normally the GSS-Proxy mechglue is not invoked at all, as it is
dependent on having an environment variable set up.
Did you set the env var to enable gssproxy system-wide?
It is normally preferred to prepend it only for applications that you
want to intercept by modifying unit files individually.

Hi Simo,
All the clients are running gssproxy by default. As far as I know, I
haven't changed anything at all except adding to 99-nfs-client.conf
krb5_principal.
I assumed this was the default behaviour. /etc/gssproxy/gssproxy.conf
contains nothing but "[gssproxy]".
Where would I look?
Jason.