This repository was archived by the owner on Apr 30, 2020. It is now read-only.
Credentials cache permissions incorrect #9
Closed
Hi,
Firstly thanks for the tool.
I'm using krbcontext with a keytab on my pyramid app:

    with krbcontext(using_keytab=True,
                    principal=settings['krbcontext_principal'],
                    keytab_file=settings['krbcontext_keytab_file'],
                    ):
        gssapiTransport = HTTPSGssapiTransport(settings['krb_domain'], verbose=0)
        server = xmlrpclib.ServerProxy(settings['rpc_url'], transport=gssapiTransport)

All goes well, a krb credential cache is created as /tmp/krb5cc_48:
-rw-------. 1 apache apache 1306 Mar 10 09:46 /tmp/krb5cc_48
However once the credential cache expires, krbcontext doesn't seem to be renewing it properly:
[Mon Mar 10 09:15:14 2014] [error] File "/apps/keel/keel/helpers/user.py", line 29, in orgchart_query
[Mon Mar 10 09:15:14 2014] [error] keytab_file=settings['krbcontext_keytab_file'],
[Mon Mar 10 09:15:14 2014] [error] File "/usr/lib64/python2.6/contextlib.py", line 16, in __enter__
[Mon Mar 10 09:15:14 2014] [error] return self.gen.next()
[Mon Mar 10 09:15:14 2014] [error] File "/usr/lib/python2.6/site-packages/krbcontext/context.py", line 184, in krbcontext
[Mon Mar 10 09:15:14 2014] [error] inited, old_ccache = init_ccache_if_necessary(context, kwargs)
[Mon Mar 10 09:15:14 2014] [error] File "/usr/lib/python2.6/site-packages/krbcontext/context.py", line 155, in init_ccache_if_necessary
[Mon Mar 10 09:15:14 2014] [error] init_required = is_initialize_ccache_necessary(context, ccache, principal)
[Mon Mar 10 09:15:14 2014] [error] File "/usr/lib/python2.6/site-packages/krbcontext/context.py", line 76, in is_initialize_ccache_necessary
[Mon Mar 10 09:15:14 2014] [error] cred_time = get_tgt_time(context, ccache, principal)
[Mon Mar 10 09:15:14 2014] [error] File "/usr/lib/python2.6/site-packages/krbcontext/utils.py", line 33, in get_tgt_time
[Mon Mar 10 09:15:14 2014] [error] result = ccache.get_credentials(creds, krbV.KRB5_GC_CACHED, 0)
[Mon Mar 10 09:15:14 2014] [error] Krb5Error: (-1765328190, 'Credentials cache permissions incorrect')
After I've restarted my apache server, everything started working again.
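
A diagnostic check for the file cache named in the report, as an added example that is not part of the original issue or of krbcontext: it inspects the owner and mode of the FILE: credential cache that the worker process would open. The helper names `ccache_path` and `audit_ccache` are hypothetical, and the `/tmp/krb5cc_<uid>` fallback is an assumption taken from the path shown above.

```python
import os
import stat


def ccache_path(environ=None, uid=None):
    """Resolve a FILE: ccache path from KRB5CCNAME, else /tmp/krb5cc_<uid>."""
    environ = os.environ if environ is None else environ
    uid = os.geteuid() if uid is None else uid
    name = environ.get("KRB5CCNAME", "")
    if not name:
        return "/tmp/krb5cc_%d" % uid  # assumed default, as in the report
    kind, sep, rest = name.partition(":")
    if not sep:
        return name  # a bare path is treated as a FILE cache
    if kind != "FILE":
        return None  # KEYRING:, DIR:, MEMORY: etc. are not single files
    return rest


def audit_ccache(path, expected_uid=None):
    """Return a list of findings; an empty list means the file looks sane."""
    expected_uid = os.geteuid() if expected_uid is None else expected_uid
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed in /tmp
    except OSError as exc:
        return ["cannot stat %s: %s" % (path, exc.strerror)]
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid != expected_uid:
        findings.append("owned by uid %d, process runs as uid %d"
                        % (st.st_uid, expected_uid))
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append("mode %04o grants group/other access" % mode)
    if (mode & 0o600) != 0o600:
        findings.append("mode %04o denies the owner read or write" % mode)
    return findings


if __name__ == "__main__":
    path = ccache_path()
    if path is None:
        print("KRB5CCNAME is not a FILE cache")
    else:
        for finding in audit_ccache(path) or ["ok"]:
            print("%s: %s" % (path, finding))
```

Run it as the same user as the web server worker (apache in the listing above) so the effective UID matches the process that raised the error.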