pam_krb5: unable to get PAM_KRB5CCNAME, assuming non-Kerberos login
Adam Megacz
megacz at cs.berkeley.edu
Thu May 31 22:06:43 EDT 2007
For the record, this turned out to be the result of the user having a
bogus ~/.k5login.
- a
Russ Allbery <rra at stanford.edu> writes:
> Adam Megacz <megacz at cs.berkeley.edu> writes:
>
>> Can anybody tell me what this message means, and how to fix the problem
>> it appears to indicate?
>
>> May 13 17:46:52 goliath sshd[6468]: (pam_krb5): root: unable to get PAM_KRB5CCNAME, assuming non-Kerberos login
>
> It means that the pam_krb5 auth stack either never ran or failed, and
> therefore setcred and open_session will be skipped. pam_krb5 only does
> ticket cache setup if pam_krb5 was the one doing the authentication.
>
> If you're doing GSSAPI authentication to sshd, this is normal, since sshd
> does ticket cache setup itself in that case and pam_krb5 doesn't need to
> do anything.
>
> --
> Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380
More information about the Kerberos
mailing list