pam_krb5: unable to get PAM_KRB5CCNAME, assuming non-Kerberos login

Adam Megacz megacz at
Thu May 31 22:06:43 EDT 2007

For the record, this turned out to be the result of the user having a
bogus ~/.k5login.

  - a

Russ Allbery <rra at> writes:
> Adam Megacz <megacz at> writes:
>> Can anybody tell me what this message means, and how to fix the problem
>> it appears to indicate?
>>   May 13 17:46:52 goliath sshd[6468]: (pam_krb5): root: unable to get PAM_KRB5CCNAME, assuming non-Kerberos login
> It means that the pam_krb5 auth stack either never ran or failed, and
> therefore setcred and open_session will be skipped.  pam_krb5 only does
> ticket cache setup if pam_krb5 was the one doing the authentication.
> If you're doing GSSAPI authentication to sshd, this is normal, since sshd
> does ticket cache setup itself in that case and pam_krb5 doesn't need to
> do anything.
> -- 
> Russ Allbery (rra at             <>

PGP/GPG: 5C9F F366 C9CF 2145 E770  B1B8 EFB1 462D A146 C380
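A log triage sketch for the explanation quoted above, added here as an example and not code from this thread or from pam_krb5: it pairs each "unable to get PAM_KRB5CCNAME" warning with the sshd "Accepted" line for the same PID, so GSSAPI logins (where the message is normal) are separated from logins where pam_krb5 did not do the authentication. The sample log lines, verdict labels and function names are constructed for illustration, and the code assumes both lines are logged under the same sshd PID.

```python
import re

# Constructed sample syslog lines (hosts, PIDs, users and addresses are made up;
# only the pam_krb5 message text matches the one quoted in the thread).
SAMPLE_LOG = """\
May 13 17:46:51 host1 sshd[1001]: Accepted gssapi-with-mic for root from 192.0.2.10 port 40122 ssh2
May 13 17:46:52 host1 sshd[1001]: (pam_krb5): root: unable to get PAM_KRB5CCNAME, assuming non-Kerberos login
May 13 17:50:03 host1 sshd[1002]: Accepted keyboard-interactive/pam for alice from 192.0.2.11 port 40310 ssh2
May 13 17:50:03 host1 sshd[1002]: (pam_krb5): alice: unable to get PAM_KRB5CCNAME, assuming non-Kerberos login
May 13 17:52:40 host1 sshd[1003]: Accepted publickey for bob from 192.0.2.12 port 40377 ssh2
May 13 17:52:40 host1 sshd[1003]: (pam_krb5): bob: unable to get PAM_KRB5CCNAME, assuming non-Kerberos login
"""

ACCEPTED = re.compile(r"sshd\[(\d+)\]: Accepted (\S+) for (\S+) from ")
WARNING = re.compile(r"sshd\[(\d+)\]: \(pam_krb5\): (\S+): unable to get PAM_KRB5CCNAME")

def classify(method):
    """Map the sshd auth method to a verdict label (labels are this example's own)."""
    if method is None:
        return "unknown"        # no Accepted line seen for that sshd PID
    if method.startswith("gssapi"):
        return "expected"       # sshd set up the ticket cache itself
    if method == "password" or method.startswith("keyboard-interactive"):
        return "investigate"    # PAM auth ran, but pam_krb5 was not the module that succeeded
    return "no-pam-auth"        # e.g. publickey: the PAM auth stack never ran

def triage(log_text):
    """Return (pid, user, method, verdict) for every PAM_KRB5CCNAME warning."""
    methods, warnings = {}, []
    for line in log_text.splitlines():
        accepted = ACCEPTED.search(line)
        if accepted:
            methods[accepted.group(1)] = accepted.group(2)
            continue
        warning = WARNING.search(line)
        if warning:
            warnings.append(warning.groups())
    # Join after the full pass so the order of the two lines does not matter.
    return [(pid, user, methods.get(pid), classify(methods.get(pid)))
            for pid, user in warnings]

if __name__ == "__main__":
    for pid, user, method, verdict in triage(SAMPLE_LOG):
        print(f"sshd[{pid}] user={user} method={method} verdict={verdict}")
```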
