Natxo Asenjo <natxo.ase...@gmail.com> writes: > When implementing rsyslog with gssapi > (http://www.rsyslog.com/doc/gssapi.html) I came accross the issue > that the rsyslog software expects the credentials cache of the host > principal in /tmp/krb5cc_0; the centos 6.5 hosts joined to a freeipa > kerberos domain save that to /var/tmp/host_0 .
/var/tmp/host_0 looks more like a replay cache (rcache) filename to me. Are you seeing this on the rsyslog server or the rsyslog client? > I tried setting this: > > KRB5CCNAME='/var/tmp/host_0' > > or variations on that (double inverted comma's, no comma's) in > /etc/sysconfig/rsyslog which is the place where one expect to declare > such a variable in redhat/centos systems because that file is sourced > by the init scrip of rsyslog. But unfortunately rsyslog kept > requesting the /tmp/krb5cc_0 file. What error messages did you see? Is this on the client or the server? > Copying /var/tmp/host_0 over > /tmp/krb5cc_0 solves this problem and then one can relay syslog > messages using kerberos authentication, but it is not really elegant. I would not expect that to work if /var/tmp/host_0 were a replay cache, so maybe it is a ccache after all. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
