[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Unknown errors

My apologies for the multiple lists, but I have no idea where exactly the
problem lies.  Feel free to reply only to one list, I read both.

This problem is actually occuring within pam_krb5, compiled for Heimdal, but
I think it's Heimdal acting up, but I can't tell, because the error message

verify_krb_v5_tgt(): krb5_kt_read_service_key(): Unknown error 2529639093

That is a honking big number.

At any rate, without a known error number nobody knows what's going on,
fairly obviously.  On an strace, the error is printed right after reading
through /etc/krb5.keytab, so I think this might be the source of the problem
- I have no real idea about the damn things.  After noticing that the host
had no krb5.keytab file, I tried the following:

kadmin add -r host/klystron.ieee.uow.edu.au
kadmin ext host/klystron.ieee.uow.edu.au
ktutil list

which produced:

Vno  Type           Principal
  1  des-cbc-crc    host/klystron.ieee.uow.edu.au
  1  des-cbc-md4    host/klystron.ieee.uow.edu.au
  1  des-cbc-md5    host/klystron.ieee.uow.edu.au
  1  des3-cbc-sha1  host/klystron.ieee.uow.edu.au

However, now, after producing the above error, I get an additional error of

pam_sm_authenticate(squid mjp16): pam_get_data(): ccache data already

which doesn't fill me with joy.

So, what am I doing wrong?  Is the issue with the krb5.keytab a red herring,
and if so, what is the problem?

For reference, the overall issue is one of squid authentication - I'm using
the squid pam_auth program, with a very simple squid pam config of

auth	required	pam_krb5.so

I also tried sufficient but that didn't help.

#include <disclaimer.h>
Matthew Palmer