For the record, this turned out to be the result of the user having a bogus ~/.k5login.
- a Russ Allbery <[EMAIL PROTECTED]> writes: > Adam Megacz <[EMAIL PROTECTED]> writes: > >> Can anybody tell me what this message means, and how to fix the problem >> it appears to indicate? > >> May 13 17:46:52 goliath sshd[6468]: (pam_krb5): root: unable to get >> PAM_KRB5CCNAME, assuming non-Kerberos login > > It means that the pam_krb5 auth stack either never ran or failed, and > therefore setcred and open_session will be skipped. pam_krb5 only does > ticket cache setup if pam_krb5 was the one doing the authentication. > > If you're doing GSSAPI authentication to sshd, this is normal, since sshd > does ticket cache setup itself in that case and pam_krb5 doesn't need to > do anything. > > -- > Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > -- PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos