krb5-server-1.11.2-4.fc19.x86_64 uses DIR ccaches by default. mod_auth_kerb is hardcoded to use a FILE ccache so cannot work with a DIR ccache:
Errors look like:
[Mon May 06 17:34:20.615703 2013] [auth_kerb:error] [pid 26394] [client 192.168.196.165:46538] Could not get default Kerberos ccache: No credentials cache found (-1765328189), referer: https://ipa.example.com/ipa/xml [Mon May 06 17:34:20.620755 2013] [auth_kerb:error] [pid 26394] [client 192.168.196.165:46538] gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information (, Can't find client principal HTTP/ipa.example.com@EXAMPLE.COM in cache collection), referer: https://ipa.example.com/ipa/xml
This can be fixed by setting KRB5CCNAME in /etc/sysconfig/httpd
attachment freeipa-rcrit-1101-ccache.patch
master: 13cef6c
Disabling RHEL Bugzila field, this is a F19 development regression.
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 3.2 - 2013/04-05 (GA)
Login to comment on this ticket.