Ubuntu
gssproxy package

rcache directory set in unit file does not exist

Bug #1867788 reported by Stefan Fleischmann
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gssproxy (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

The unit file /lib/systemd/system/gssproxy.service contains the following line

Environment=KRB5RCACHEDIR=/var/lib/gssproxy/rcache

The directory /var/lib/gssproxy/rcache however does not exist, and this leads to authentication failures. In my case with apache2, in the apache2 log file I see this error

[auth_gssapi:error] [pid 730:tid 140028533495552] [client xxx.xxx.xxx.xxx:39078] GSS ERROR In Negotiate Auth: gss_accept_sec_context() failed: [Unspecified GSS failure. Minor code may provide more information ( Cannot create replay cache: No such file or directory)]

complaining about the missing directory. The result is that I cannot log in to the running web service anymore. If I manually create the directory I can log in again.

gssproxy 0.8.2-1 amd64 Privilege separation daemon for GSSAPI

Revision history for this message
Stefan Fleischmann (sfleischmann) wrote :

PS: this is a Ubuntu 20.04 container image. The directory /var/lib/gssproxy/clients exists. Is this the directory that should be referenced in the unit file instead?

Revision history for this message
Timo Aaltonen (tjaalton) wrote :

will be fixed in the next upload

Changed in gssproxy (Ubuntu):
status: New → Confirmed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gssproxy - 0.8.2-2

---------------
gssproxy (0.8.2-2) unstable; urgency=medium

  * dirs: Install rcachedir, as referenced by the systemd file. (LP: #1867788)
  * source/options: Use extend-diff-ignore to ignore files which aren't
    on the tarball.

 -- Timo Aaltonen <email address hidden> Mon, 30 Mar 2020 21:32:52 +0300

Changed in gssproxy (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.