Hi guys, in upgrading some Ubuntu systems from Karmic (libpam-krb5 3.15-1) to Lucid (libpam-krb5 4.2-1) I discovered a problem.
SSH authentication would fail with pam_krb5 the error: "credential verification failed: KDC has no support for encryption type" However kinit usern...@realm worked fine, as did kerberized NFS mounts. I found that if I removed my krb5.keytab things ssh authentication also worked. After reading the docs I was able to get login working and keep my krb5.keytab by adding a "keytab=/foo" option to the line in my /etc/pam.d/common-auth that called pam_krb5.so. Is there a downside to doing this? I'm also wondering why my krb5.keytab is not accepted by pam_krb5. Could it be because I am authenticating in the realm=AD.ENGR.UCONN.EDU and the principals in the keytab are in the realm=ENGR.UCONN.EDU? Thanks for any assistance! Rohit -- Rohit Mehta Computer Engineer University of Connecticut Engineering Computing Services 371 Fairfield Road Unit 2031 Storrs, CT 06269-2031 Office: (860) 486 - 2331 Fax: (860) 486 - 1273 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
