root login via Kerberos5 - "User not known to the underlying authentication module" - why?

steve steve at steve-ss.com
Sun Mar 30 07:37:40 EDT 2014


On Sat, 2014-03-29 at 21:33 +0100, Wendy Lin wrote:
> On 29 March 2014 16:07, steve <steve at steve-ss.com> wrote:
> > On Sat, 2014-03-29 at 14:01 +0100, Wendy Lin wrote:
> >
> >> login: pam_krb5[3808]: user 'root' was not authenticated by pam_krb5,
> >> returning "User not known to the underlying authentication module"
> >
> > Hi
> > Can root get a ticket?
> > kinit -k root -t /etc/krb5.keytab
> 
> # klist
> klist: No credentials cache found (ticket cache DIR::/run/user/0/krb5cc/tkt)
If it's not working for keytab logins, add:
default_ccache_name = /tmp/krb5cc_%{uid}
to [libdefaults]

> # kinit -k root -t /etc/krb5.keytab
> kinit: Password incorrect while getting initial credentials
The root key in the keytab is invalid.
try:
ktutil: addent -password -p root at EXAMPLE.COM -k 1 -e arcfour-hmac
ktutil: wkt /etc/krb5.keytab

add other enctype flavours to taste
HTH
Steve




More information about the Kerberos mailing list