Kerberos and Solaris 9 problems mr.bmonroe at
Thu Mar 30 19:26:29 EST 2006

Hey all,

I'm trying to configure a Solaris 9 server to authenticate against an
Win 2000 ADS server with mixed results and was looking for some

So here's the thing; Once logged in, I can run kinit and aquire a

     # kinit
     Password for user_name at REALM.COM:
     # klist
     Ticket cache: /tmp/krb5cc_7155
     Default principal: user_name at REALM.COM

     Valid starting                       Expires
Service principal
     Thu Mar 30 16:14:41 2006  Fri Mar 31 02:14:41 2006
             renew until Thu Apr 06 17:14:41 2006

But, I can not authenticate with PAM to save my life (with any remote
client; telnet, ssh, etc).

Sshd's PAM entry looks like:

     sshd    auth requisite
     sshd    auth required 
     sshd    auth required  use_first_pass debug
     sshd    auth sufficient

The errors I get in /var/adm/messages are:

     Mar 30 16:19:21 servername sshd[3245]: [ID 537602 auth.error]
PAM-KRB5 (auth): krb5_verify_init_creds failed: Decrypt integrity check

Is there something I am doing wrong?  Telnet fails with the same error.
 Is this an issue with Solaris 9's built in kerb support (I am not
using MIT's).

If you could help point me in the right direction, I'd be much


More information about the Kerberos mailing list