
Supported Kerberos credential cache type and xdping


John Salvo

Question

Is there any reason why LVDA does NOT support KEYRING as a credential cache type according to xdping?

Kerberos ----------------------------------------------------------------------
    Kerberos version: 5
      Verify Kerberos available                                          [Pass]
      Verify Kerberos version 5                                          [Pass]
    KRB5CCNAME:   KEYRING:persistent:10599
    KRB5CCNAME type: [NOT SUPPORTED]
                     Kernel keyring credential cache not supported
      Verify KRB5CCNAME cache type                                      [ERROR]
      The Kerberos environment variable KRB5CCNAME is using an
      unsupported credential cache type. Only credential cache files
      are supported by Linux VDA; DIR, MEMORY and KEYRING credential
      cache types are not supported.

    .................. <snip> ................

    Default ccache: KEYRING:persistent:%{uid}
    Default ccache type: [NOT SUPPORTED]
                         Kernel keyring credential cache not supported
      Verify default credential cache cache type                        [ERROR]
      The default credential cache setting is using an unsupported
      credential cache type. Only credential cache files are supported
      by Linux VDA; DIR, MEMORY and KEYRING credential cache types are
      not supported.

 

Reason I ask is that my krb5.conf was originally using:

 

default_ccache_name = KEYRING:persistent:%{uid}

 

Then I changed it to be:

 

default_ccache_name = FILE:/tmp/krb5cc_%{uid}

 

Then I re-ran xdping as follows:

 

sudo -E xdping > xdping-6.log

 

... and what happened was that the ownership of the file /tmp/krb55_10599 changed to root, and so therefore I could not log in anymore, nor could I do another sudo. I nearly locked myself out, but I was able to change ownership of the file /tmp/krb55_10599 from root back to my userid / uid.

 

Thus, I changed it back from FILE to KEYRING. So to ask the question again, is there any reason why LVDA does not support KEYRING?

 

 

 

 

 

 

 

 

 


2 answers to this question


3 minutes ago, Jigao Huang said:

It is because only file-type credential caches are used inside LinuxVDA. Normally, the ownership of the credential file should be the login user instead of root.

 

OK ... I will change krb5.conf to use FILE instead of KEYRING then. Just have to avoid running xdping via "sudo xdping" but instead do "sudo su -" and then run xdping.


Archived

This topic is now archived and is closed to further replies.
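
Added example, not part of the thread and not Citrix code: a shell check for the two conditions discussed above, namely whether a credential cache name is a FILE cache (the only type xdping reports as supported by Linux VDA) and whether that file is still owned by the user rather than root. The function names are hypothetical; `SUDO_UID` is the variable sudo sets to the invoking user's uid, and the fallback cache name is the `default_ccache_name` value from the question.

```sh
#!/bin/sh
# Added example, not Citrix code. Classifies a Kerberos credential cache name
# and, for FILE caches, checks that the file belongs to the expected user.

# Print the cache type. MIT krb5 treats a name without a TYPE: prefix as FILE.
ccache_type() {
    case "$1" in
        /*)  echo FILE ;;
        *:*) echo "${1%%:*}" ;;
        *)   echo FILE ;;
    esac
}

# Print the numeric owner of a file (GNU stat first, BSD stat as fallback).
file_owner() {
    stat -c %u "$1" 2>/dev/null || stat -f %u "$1"
}

# check_ccache NAME UID
# Returns 0 = usable, 1 = type other than FILE, 2 = file owned by another uid.
check_ccache() {
    cc_name=$(printf '%s' "$1" | sed "s/%{uid}/$2/g")   # expand krb5.conf token
    cc_type=$(ccache_type "$cc_name")
    if [ "$cc_type" != FILE ]; then
        echo "$cc_name: type $cc_type is not a credential cache file"
        return 1
    fi
    cc_path=${cc_name#FILE:}
    if [ ! -e "$cc_path" ]; then
        echo "$cc_path: not created yet (no ticket obtained)"
        return 0
    fi
    cc_owner=$(file_owner "$cc_path")
    if [ "$cc_owner" != "$2" ]; then
        echo "$cc_path: owned by uid $cc_owner, expected $2"
        return 2
    fi
    echo "$cc_path: FILE cache owned by uid $2"
    return 0
}

# Under sudo, SUDO_UID is the invoking user, whose cache KRB5CCNAME still names
# when the environment was preserved with -E.
default_cc='FILE:/tmp/krb5cc_%{uid}'
check_ccache "${KRB5CCNAME:-$default_cc}" "${SUDO_UID:-$(id -u)}" || true
```

Run as the user, or inside a `sudo -E` shell, before and after a root-level diagnostic to see whether the cache file changed owner.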
