[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Unknown errors

On 11 Jan 2002, Sam Hartman wrote:

> One thing you should certainly do is supply the pam_krb5 option not to
> write out the credentials cache.  That will probably fix your second
> error but not the unknown error.

OK, I'll give that a go.  I wasn't aware of that option.

I fixed the problem I was having in another way - tell Squid to reset the
PAM system after every auth attempt.  That seems to work, and it fixed a bug
in Squid along the way.  But the no_ccache option looks like it would have
done the trick too.

> The unknown error bignum you're seeing is a com_err code.  The fact
> that the error is unknown suggests a build problem with your Heimdal
> or PAM module.

It's all Debian packages, without any rebuilds.  I get quite a few Unknown
Errors in the logs for pam_krb5 (Heimdal edition), I just live with them. 
One which I get frequently, but which doesn't seem to break anything, is

pam_krb5: verify_krb_v5_tgt(): krb5_kt_read_service_key(): Unknown error

but the line immediately following that one in the logs is

pam_krb5: pam_sm_authenticate(ssh mjp16): exit: success

so it's not stopping the auth from succeeding.

This error is, I think, to do with the keytab, which I still don't know how
to set properly.  I thought I did, but when /etc/krb5.keytab exists pam_krb5
will not work in any way, so I must have something broken somewhere.

#include <disclaimer.h>
Matthew Palmer