[32331] in Kerberos
problem with pam_krb5 4.2-1
daemon@ATHENA.MIT.EDU (Rohit Kumar Mehta)
Thu May 13 16:25:40 2010
Message-ID: <4BEC6062.9000601@engr.uconn.edu>
Date: Thu, 13 May 2010 16:26:10 -0400
From: Rohit Kumar Mehta <rohitm@engr.uconn.edu>
MIME-Version: 1.0
To: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi guys, in upgrading some Ubuntu systems from Karmic (libpam-krb5
3.15-1) to Lucid (libpam-krb5 4.2-1) I discovered a problem.
SSH authentication would fail with pam_krb5 the error:
"credential verification failed: KDC has no support for encryption type"
However kinit username@REALM worked fine, as did kerberized NFS mounts.
I found that if I removed my krb5.keytab things ssh authentication also
worked. After reading the docs I was able to get login working and keep
my krb5.keytab by adding a "keytab=/foo" option to the line in my
/etc/pam.d/common-auth that called pam_krb5.so. Is there a downside to
doing this?
I'm also wondering why my krb5.keytab is not accepted by pam_krb5.
Could it be because I am authenticating in the realm=AD.ENGR.UCONN.EDU
and the principals in the keytab are in the realm=ENGR.UCONN.EDU?
Thanks for any assistance!
Rohit
--
Rohit Mehta
Computer Engineer
University of Connecticut
Engineering Computing Services
371 Fairfield Road Unit 2031
Storrs, CT 06269-2031
Office: (860) 486 - 2331
Fax: (860) 486 - 1273
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
