When the Credential cache is missing: {{{ $ kdestroy $ ipa ping }}} Expected output: {{{ ipa: ERROR: did not receive Kerberos credentials }}} Actual output: {{{ Traceback (most recent call last): File "/usr/bin/ipa", line 32, in <module> cli.run(api) File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 1340, in run sys.exit(api.Backend.cli.run(argv)) File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 1096, in run self.create_context() File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 118, in create_context fallback=self.env.fallback, delegate=self.env.delegate) File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 64, in connect conn = self.create_connection(args, *kw) File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 835, in create_connection principal = get_principal() File "/usr/lib/python2.7/site-packages/ipalib/krb_utils.py", line 172, in get_principal creds = get_credentials(ccache_name=ccache_name) File "/usr/lib/python2.7/site-packages/ipalib/krb_utils.py", line 155, in get_credentials return gssapi.Credentials(usage='initiate', name=name, store=store) File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line 64, in new store=store) File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line 137, in acquire mechs, usage) File "gssapi/raw/creds.pyx", line 158, in gssapi.raw.creds.acquire_cred (gssapi/raw/creds.c:1630) gssapi.raw.misc.GSSError: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529639053): No Kerberos credentials available }}}
When the ticket is expired: {{{ $ kdestroy $ kinit admin -l 1m $ sleep 61 # wait till the ticket expires $ ipa ping }}} Expected: {{{ ipa: ERROR: did not receive Kerberos credentials }}} Actual: {{{ File "/usr/bin/ipa", line 32, in <module> cli.run(api) File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 1340, in run sys.exit(api.Backend.cli.run(argv)) File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 1096, in run self.create_context() File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 118, in create_context fallback=self.env.fallback, delegate=self.env.delegate) File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 64, in connect conn = self.create_connection(args, *kw) File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 835, in create_connection principal = get_principal() File "/usr/lib/python2.7/site-packages/ipalib/krb_utils.py", line 173, in get_principal return unicode(creds.name) File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line 73, in name usage=False, mechs=False).name File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line 259, in inquire res = rcreds.inquire_cred(self, name, lifetime, usage, mechs) File "gssapi/raw/creds.pyx", line 351, in gssapi.raw.creds.inquire_cred (gssapi/raw/creds.c:2967) gssapi.raw.exceptions.ExpiredCredentialsError: Major (720896): The referenced credential has expired, Minor (100001): Success }}}
Raising priority, I hit this often too.
master:
Metadata Update from @dkupka: - Issue assigned to msimacek - Issue set to the milestone: FreeIPA 4.3
Login to comment on this ticket.