Hi Sam, Can you provide me a complete set of logs from both machines? The one where pam_sss_gss.so is working fine and the problematic one? I will take a look at them and will try to figure out what the issue is.
You can send it to me directly at ppola...@redhat.com. Best regards, Pawel On Thu, Apr 1, 2021 at 3:04 PM Sam Morris <s...@robots.org.uk> wrote: > Whoops, I forgot to include the sudo output! > > pam_sss_gss: Initializing GSSAPI authentication with SSSD > pam_sss_gss: Switching euid from 0 to 123456789 > pam_sss_gss: Trying to establish security context > pam_sss_gss: SSSD User name: sam.mor...@example.net > pam_sss_gss: User domain: example.net > pam_sss_gss: User principal: sam.mor...@example.net > pam_sss_gss: Target name: h...@myself.ipa.example.net > pam_sss_gss: Using ccache: FILE:/run/user/123456789/krb5cc > pam_sss_gss: Acquiring credentials for principal [sam.mor...@example.net] > pam_sss_gss: Communication error [3, 32]: Error in service module; Broken > pipe > pam_sss_gss: Switching euid from 123456789 to 0 > pam_sss_gss: System error [32]: Broken pipe > [sudo] password for sam.mor...@example.net: ^C > > If I run 'klist' at this point, I can see that I've picked up tickets for > krb5tgt/ipa.example....@example.net and host/ > myself.ipa.example....@ipa.example.net; so I think the PAM module is > working, but sssd_pam doesn't like what it sends and closes the connection > down. > > -- > Sam Morris <https://robots.org.uk/> > PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9 > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > -- Paweł Poławski Senior Software Engineer Red Hat <https://www.redhat.com/> ppola...@redhat.com @RedHat <https://twitter.com/redhat> Red Hat <https://www.linkedin.com/company/red-hat> Red Hat <https://www.facebook.com/RedHatInc> <https://red.ht/sig>
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure