Authentication problems using Telnet on Solaris 9
huaraz at moeller.plus.com
Sat Sep 4 07:28:07 EDT 2004
You need a valid keytab to use pam_krb5 or set verify_ap_req_nofail = false.
"pam_sm_authenticate() authenticates a user principal through the Kerberos
authentication service. If the authentication request is successful, the
authentication service sends a ticket-granting ticket (TGT) back to the
service module, which then verifies that the TGT came from a valid Key
Distribution Center (KDC) by attempting to get a service ticket for the
local host service. For this to succeed, the local host's keytab file
(/etc/krb5/krb5.keytab) must contain the entry for the local host service.
For example, in the file host/hostname.com at REALM, hostname.com is the fully
qualified local hostname and REALM is the default realm of the local host as
defined in /etc/krb5/krb5.conf. If the host entry is not found in the keytab
file, the authentication fails. Administrators may optionally disable this
"strict" verification by setting the "verify_ap_req_nofail = false" in
/etc/krb5/krb5.conf. See krb5.conf(4) for more details on this option. This
allows TGT verification to succeed in the absence of a keytab host principal
"Bill Smith" <bill.smith at jhuapl.edu> wrote in message
news:chaabf$m1g$1 at aplcore.jhuapl.edu...
> I'm trying to authenticate to our W2K domain controllers from my UNIX box
> running Sun's kerberos distribution (SEAM) on a Solaris 9 box. When I try
> lo login using my domain logon, I get the following error
> authentication failed: Unknown code 2
> in /var/adm/messages the following message is also logged
> Sep 3 13:38:03 smithwe1-unix login: [ID 537602 auth.error] PAM-KRB5
> (auth): krb5_verify_init_creds failed: Unknown code 2
> I've done some searching and found some info indicating possible problems
> like this on Solaris 9 but so far no resolution.
> FWIW, when I run kinit, I can authenticate to the domain controllers with
> no problems.
> Any idea on what the problem(s) may be?
More information about the Kerberos