On 7/22/2011 5:13 AM, jm130794 wrote: > Hello, > > I tried to use pam_krb5 module without success. With debug option on > pam_unix and pam_krb5 module, I get that in auth.log : > > Jul 22 11:04:14 krbclient login[3517]: pam_krb5(login:auth): > pam_sm_authenticate: entry (0x0) > Jul 22 11:04:14 krbclient login[3517]: pam_krb5(login:auth): (user > testuser) attempting authentication as [email protected] > <mailto:[email protected]> > Jul 22 11:04:16 krbclient login[3517]: pam_krb5(login:auth): user > testuser authenticated as [email protected] <mailto:[email protected]> > Jul 22 11:04:16 krbclient login[3517]: pam_krb5(login:auth): > pam_sm_authenticate: exit (success) > Jul 22 11:04:16 krbclient login[3517]: pam_unix(login:account): could > not identify user (from getpwnam(testuser)) > Jul 22 11:04:16 krbclient login[3517]: Authentication failure
It means pam_unix could not look up your user account information (via NSS; in your case supposedly LDAP). Check that the output of 'getent passwd testuser' is correct. getent will use the NSS sources as specified in /etc/nsswitch.conf for the 'passwd' data source. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
