[35957] in Kerberos
Re: root login via Kerberos5 - "User not known to the underlying
daemon@ATHENA.MIT.EDU (steve)
Sun Mar 30 07:38:07 2014
Message-ID: <1396179460.1427.22.camel@hh16.hh3.site>
From: steve <steve@steve-ss.com>
To: Wendy Lin <wendlin1974@gmail.com>
Date: Sun, 30 Mar 2014 13:37:40 +0200
In-Reply-To: <CA+j=ERr2TN4KoQ9K0ZbCoeJtstJ4FVG=Wesm9CwiF89htvW=Og@mail.gmail.com>
Mime-Version: 1.0
Cc: "<kerberos@mit.edu>" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Sat, 2014-03-29 at 21:33 +0100, Wendy Lin wrote:
> On 29 March 2014 16:07, steve <steve@steve-ss.com> wrote:
> > On Sat, 2014-03-29 at 14:01 +0100, Wendy Lin wrote:
> >
> >> login: pam_krb5[3808]: user 'root' was not authenticated by pam_krb5,
> >> returning "User not known to the underlying authentication module"
> >
> > Hi
> > Can root get a ticket?
> > kinit -k root -t /etc/krb5.keytab
>
> # klist
> klist: No credentials cache found (ticket cache DIR::/run/user/0/krb5cc/tkt)
If it's not working for keytab logins, add:
default_ccache_name = /tmp/krb5cc_%{uid}
to [libdefaults]
> # kinit -k root -t /etc/krb5.keytab
> kinit: Password incorrect while getting initial credentials
The root key in the keytab is invalid.
try:
ktutil: addent -password -p root@EXAMPLE.COM -k 1 -e arcfour-hmac
ktutil: wkt /etc/krb5.keytab
add other enctype flavours to taste
HTH
Steve
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
