Can use kerberized telnet, but cannot use pam_krb5
Ralf Hildebrandt
Ralf.Hildebrandt at charite.de
Wed Feb 1 11:38:57 EST 2006
* Douglas E. Engert <deengert at anl.gov>:
> >I can also use the kerberized telnetd (/usr/bin/telnet.krb5 from the
> >krb5-clients package) and log into that host successfully (with the
> >username & password that the win2k provides).
>
> This should have had the same error,
That's why I tried it as alternative... I even used sshd and PAM and
that worked as well.
> >Jan 31 20:54:05 vpn-gw-int openvpn[3005]: pam_krb5: verify_krb_v5_tgt():
> >krb5_kt_read_service_key(): Key table entry not found
>
>
> This implies it can not find the keytab file entry for the host.
But it's there:
--------------- snip -----------------
# ktutil
ktutil: list
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
ktutil: rkt /etc/krb5.keytab
ktutil: list
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 1 host/vpn-gw.charite.de at CHARITE.DE
2 1 host/vpn-gw.charite.de at CHARITE.DE
3 1 openvpn-krb5/vpn-gw.charite.de at CHARITE.DE
4 1 host/vpn-gw.charite.de at CHARITE.DE
5 1 openvpn-krb5/vpn-gw.charite.de at CHARITE.DE
ktutil: q
--------------- snip -----------------
--
_________________________________________________
Charité - Universitätsmedizin Berlin
_________________________________________________
Ralf Hildebrandt
i.A. Geschäftsbereich Informationsmanagement
Campus Benjamin Franklin
Hindenburgdamm 30 | Berlin
Tel. +49 30 450 570155 | Fax +49 30 450 570962
Ralf.Hildebrandt at charite.de
http://www.charite.de
More information about the Kerberos
mailing list