[27837] in Kerberos
Re: pam_krb5: unable to get PAM_KRB5CCNAME,
daemon@ATHENA.MIT.EDU (Adam Megacz)
Thu May 31 22:07:29 2007
To: kerberos@mit.edu
From: Adam Megacz <megacz@cs.berkeley.edu>
Date: Thu, 31 May 2007 19:06:43 -0700
Message-ID: <x3ps4g1l8s.fsf@nowhere.com>
Mime-Version: 1.0
X-Complaints-To: usenet@sea.gmane.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
For the record, this turned out to be the result of the user having a
bogus ~/.k5login.
- a
Russ Allbery <rra@stanford.edu> writes:
> Adam Megacz <megacz@cs.berkeley.edu> writes:
>
>> Can anybody tell me what this message means, and how to fix the problem
>> it appears to indicate?
>
>> May 13 17:46:52 goliath sshd[6468]: (pam_krb5): root: unable to get PAM_KRB5CCNAME, assuming non-Kerberos login
>
> It means that the pam_krb5 auth stack either never ran or failed, and
> therefore setcred and open_session will be skipped. pam_krb5 only does
> ticket cache setup if pam_krb5 was the one doing the authentication.
>
> If you're doing GSSAPI authentication to sshd, this is normal, since sshd
> does ticket cache setup itself in that case and pam_krb5 doesn't need to
> do anything.
>
> --
> Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
