pam_krb5 can't locate my KDC

Michael B Allen mba2000 at
Mon Aug 21 01:29:24 EDT 2006

On Mon, 21 Aug 2006 05:02:06 +0100 (BST)
sayali k <sayali_s_kulkarni at> wrote:

> Hi Michael,
>   From what I know about Kerberos and the configurations for the same, ideally there is one more section which I feel should be included in the krb5.conf file. It is called the libdefaults section where we can specify the default values for some of the parameters like the domain name, ticket lifetime etc. The section looks something like this:
>   [libdefaults]
>         default_realm = MYDOMAIN.COM
>   Can you try adding the libdefaults section as well in the krb5.conf file?

With a libdefaults section I no longer see any TXT
lookups so the change definitely had an effect. Unfortunately the capture
also shows it still doesn't attempt to communicate with the KDC at all.

That was using pam.d/sshd. I tried telnet with a pam.d/telnet but for
some reason the file is ignored. Are xinetd services handled special? Does
a localhost logon bypass pam?

If I add [appdefaults] pam = { debug = true }, add *.debug to
/etc/syslog.conf and restart syslog I should see some debugging output
but I get absolutely nothing.

And I thought I was good at Linux stuff.


Michael B Allen
PHP Active Directory SSO

More information about the Kerberos mailing list