Login with Kerberos auth

Jeff Blaine jblaine at kickflop.net
Fri Jul 22 09:26:47 EDT 2011


On 7/22/2011 5:13 AM, jm130794 wrote:
> Hello,
>
> I tried to use pam_krb5 module without success. With debug option on
> pam_unix and pam_krb5 module, I get that in auth.log :
>
> Jul 22 11:04:14 krbclient login[3517]: pam_krb5(login:auth):
> pam_sm_authenticate: entry (0x0)
> Jul 22 11:04:14 krbclient login[3517]: pam_krb5(login:auth): (user
> testuser) attempting authentication as testuser at EXAMPLE.COM
> <mailto:testuser at EXAMPLE.COM>
> Jul 22 11:04:16 krbclient login[3517]: pam_krb5(login:auth): user
> testuser authenticated as testuser at EXAMPLE.COM <mailto:testuser at EXAMPLE.COM>
> Jul 22 11:04:16 krbclient login[3517]: pam_krb5(login:auth):
> pam_sm_authenticate: exit (success)
> Jul 22 11:04:16 krbclient login[3517]: pam_unix(login:account): could
> not identify user (from getpwnam(testuser))
> Jul 22 11:04:16 krbclient login[3517]: Authentication failure

It means pam_unix could not look up your user account
information (via NSS; in your case supposedly LDAP).

Check that the output of 'getent passwd testuser' is
correct.  getent will use the NSS sources as specified
in /etc/nsswitch.conf for the 'passwd' data source.



More information about the Kerberos mailing list