[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Unknown errors
My apologies for the multiple lists, but I have no idea where exactly the
problem lies. Feel free to reply only to one list, I read both.
This problem is actually occuring within pam_krb5, compiled for Heimdal, but
I think it's Heimdal acting up, but I can't tell, because the error message
is:
verify_krb_v5_tgt(): krb5_kt_read_service_key(): Unknown error 2529639093
That is a honking big number.
At any rate, without a known error number nobody knows what's going on,
fairly obviously. On an strace, the error is printed right after reading
through /etc/krb5.keytab, so I think this might be the source of the problem
- I have no real idea about the damn things. After noticing that the host
had no krb5.keytab file, I tried the following:
kadmin add -r host/klystron.ieee.uow.edu.au
kadmin ext host/klystron.ieee.uow.edu.au
ktutil list
which produced:
Vno Type Principal
1 des-cbc-crc host/klystron.ieee.uow.edu.au
1 des-cbc-md4 host/klystron.ieee.uow.edu.au
1 des-cbc-md5 host/klystron.ieee.uow.edu.au
1 des3-cbc-sha1 host/klystron.ieee.uow.edu.au
However, now, after producing the above error, I get an additional error of
pam_sm_authenticate(squid mjp16): pam_get_data(): ccache data already
present
which doesn't fill me with joy.
So, what am I doing wrong? Is the issue with the krb5.keytab a red herring,
and if so, what is the problem?
For reference, the overall issue is one of squid authentication - I'm using
the squid pam_auth program, with a very simple squid pam config of
auth required pam_krb5.so
I also tried sufficient but that didn't help.
--
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer
mjp16@ieee.uow.edu.au