On Mon, 2011-04-11 at 15:56 -0400, Russ Allbery wrote: > You've got all the information that pam_krb5 has. It did a password > authentication, and the key formed from the password didn't decrypt the > KDC reply. There isn't much else it can tell you.
There is one thing pam_krb5 could do to help debug problems like this, which is provide an option to turn on krb5 tracing if krb5_set_trace_filename() is available (MIT krb5 1.9 or later). Since pam_krb5 creates a secure context, the KRB5_TRACE environment variable doesn't operate. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
