I'm on CentOS 6.4. Using kstart I have a TGT kept active using the machine account (i.e. computername$) from Active Directory. The ticket cache is assigned to root and is located at /tmp/krb5cc_0. I mount.cifs as root using sec=krb5. This works and I can browse the share.
The problem is that while a user can browse the share fine via ssh, rsync running under cron can't access it after it's already been mounted. Nor can the Subversion Edge backup function. Rsync gets error:
rsync: ERROR: cannot stat destination "/mnt/dfs/backups/redmine/": Key has been revoked (128)
and csvn's backup gets the same 128 error:
CIFS VFS: Send error in SessSetup = -128
CIFS VFS: cifs_mount failed w/return code = -128
and sometimes a
CIFS VFS: Send error in SessSetup = -122
CIFS VFS: cifs_mount failed w/return code = -122
which I think means no quota.
I've tried disabling SELinux, so that's not the issue. How can I get these "background tasks" to be able to use a Kerberos CIFS share?
Best Answer
Cron isn't using the ticket cache, either because it doesn't know to (KRB5CCNAME isn't set or passed to the job) or it can't read the cache (permissions on the cache prevent the user the job is running as from reading it).
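
An added example, not part of the original answer: a small shell check that tells the two causes named above apart for a given job, by resolving which cache file the job's KRB5CCNAME points at and whether the job's uid can read it. The function names and status words are hypothetical, and it assumes the default cache location is /tmp/krb5cc_<uid> (as with the /tmp/krb5cc_0 in the question) and looks only at FILE caches.

```shell
#!/bin/sh
# Added example: classify why a job running as a given uid cannot use a
# Kerberos FILE: ticket cache. Names and status words are hypothetical.

# Resolve the cache file for a KRB5CCNAME value ($1, may be empty) and uid ($2).
ccache_path() {
    case "$1" in
        "")     printf '/tmp/krb5cc_%s\n' "$2" ;;  # assumed default when unset
        FILE:*) printf '%s\n' "${1#FILE:}" ;;
        /*)     printf '%s\n' "$1" ;;              # bare path is a FILE cache
        *)      return 1 ;;                        # KEYRING:, DIR:, ... not handled
    esac
}

# Print one status word for KRB5CCNAME value $1 as seen by uid $2.
# Simplification: group membership is ignored; only owner and "other" bits count.
ccache_status() {
    path=$(ccache_path "$1" "$2") || { echo not-a-file-cache; return 0; }
    if [ ! -e "$path" ]; then
        if [ -z "$1" ]; then echo unset-and-default-missing; else echo missing; fi
        return 0
    fi
    # ls -ln prints: mode links owner-uid gid ...; keep owner-read, other-read, uid
    set -- "$2" $(ls -lnd "$path" | awk '{print substr($1,2,1), substr($1,8,1), $3}')
    uid=$1 owner_r=$2 other_r=$3 owner=$4
    if [ "$uid" = 0 ]; then echo ok                    # root bypasses mode bits
    elif [ "$uid" = "$owner" ] && [ "$owner_r" = r ]; then echo ok
    elif [ "$other_r" = r ]; then echo ok-but-world-readable
    else echo unreadable
    fi
}

# Run from the crontab entry in question to report on that job's environment.
ccache_status "${KRB5CCNAME:-}" "$(id -u)"
```

A result of ok-but-world-readable means the job can read the cache only because every local user can, which exposes the machine account's TGT to all of them.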