libpam_krb5 + heimdal issue (newbie alarm)

[Lars]

I also have tried Heimdal on a Debain 3.0 installation using the same 
documentation.  I can add principles and use kinit to connect and list 
to see the ticket, but like Marcus, I could not log in at all.

This morning I wiped it all and tried MIT kerberos instead and can get 
as far as the above, but still cannot log in.  In contrast, I do get an 
error message about expired accounts and such.

-Lars


Aug  2 12:59:17 beta krb5kdc[27106]: AS_REQ (3 etypes {16 3 1}) 
xxx.yyy.zzz.aaa(88): NEEDED_PREAUTH: memyselfni at XXXXX.ORG for 
krbtgt/XXXXX.ORG at XXXXX.ORG, Additional pre-authentication required

Aug  2 12:59:17 beta krb5kdc[27106]: preauth (timestamp) verify failure: 
No matching key in entry

Aug  2 12:59:17 beta krb5kdc[27106]: AS_REQ (3 etypes {16 3 1}) 
xxx.yyy.zzz.aaa(88): PREAUTH_FAILED: memyselfni at XXXXX.ORG for 
krbtgt/XXXXX.ORG at XXXXX.ORG, Preauthentication failed

Aug  2 12:59:18 beta krb5kdc[27106]: DISPATCH: repeated (retransmitted?) 
request from xxx.yyy.zzz.aaa port 88, resending previous response

Aug  2 12:59:18 beta krb5kdc[27106]: preauth (timestamp) verify failure: 
No matching key in entry

Aug  2 12:59:18 beta krb5kdc[27106]: AS_REQ (3 etypes {16 3 1}) 
xxx.yyy.zzz.aaa(88): PREAUTH_FAILED: memyselfni at XXXXX.ORG for 
krbtgt/XXXXX.ORG at XXXXX.ORG, Preauthentication failed

Aug  2 12:59:18 beta PAM-warn[27368]: service: ssh [on terminal: NODEVssh]

Aug  2 12:59:18 beta PAM-warn[27368]: user: (uid=0) -> memyselfni 
[remote: ?nobody at xxx.yyy.zzz.bbb]

Aug  2 12:59:18 beta sshd[27368]: PAM rejected by account 
configuration[13]: User account has expired




Marcus Blomenkamp wrote:
[snip]
> sake. I am following the steps of documentation from: 
> http://www.ofb.net/~jheiss/krbldap/howto.html
[snip]