[Bug 1783183] Re: apparmor profile denied for kerberos client keytab and credential cache files

Andreas Hasenack andreas at canonical.com
Tue Jul 24 18:19:06 UTC 2018


"/etc/krb5/user/389/client.keytab" feels like a local modification you
made, to store keytab files somewhere under /etc/krb5. I suggest you add
an apparmor exception in /etc/apparmor.d/local/usr.sbin.slapd.

Unless I'm wrong and that directory is being used as a standard location
by some package. Please let me know which is the case.

As to the /tpm/krb5cc_389 file, can you elaborate on the scenario that
led to this behavior? Why is slapd trying to read that ticket cache
file? Maybe because it failed to read the keytab file?


** Changed in: openldap (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1783183

Title:
  apparmor profile denied for kerberos client keytab and credential
  cache files

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1783183/+subscriptions



More information about the Ubuntu-server-bugs mailing list