pam_krb5: unable to get PAM_KRB5CCNAME, assuming non-Kerberos login

Russ Allbery rra at stanford.edu
Mon May 14 16:05:14 EDT 2007


Adam Megacz <megacz at cs.berkeley.edu> writes:

> Can anybody tell me what this message means, and how to fix the problem
> it appears to indicate?

>   May 13 17:46:52 goliath sshd[6468]: (pam_krb5): root: unable to get PAM_KRB5CCNAME, assuming non-Kerberos login

It means that the pam_krb5 auth stack either never ran or failed, and
therefore setcred and open_session will be skipped.  pam_krb5 only does
ticket cache setup if pam_krb5 was the one doing the authentication.

If you're doing GSSAPI authentication to sshd, this is normal, since sshd
does ticket cache setup itself in that case and pam_krb5 doesn't need to
do anything.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list