pam_krb5: unable to get PAM_KRB5CCNAME, assuming non-Kerberos login
Russ Allbery
rra at stanford.edu
Mon May 14 16:05:14 EDT 2007
Adam Megacz <megacz at cs.berkeley.edu> writes:
> Can anybody tell me what this message means, and how to fix the problem
> it appears to indicate?
> May 13 17:46:52 goliath sshd[6468]: (pam_krb5): root: unable to get PAM_KRB5CCNAME, assuming non-Kerberos login
It means that the pam_krb5 auth stack either never ran or failed, and
therefore setcred and open_session will be skipped. pam_krb5 only does
ticket cache setup if pam_krb5 was the one doing the authentication.
If you're doing GSSAPI authentication to sshd, this is normal, since sshd
does ticket cache setup itself in that case and pam_krb5 doesn't need to
do anything.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list