Re: User login issue

Wed, 07 Feb 2024 03:51:41 -0800 

Hi folks,

Yesterday, I came across the following entry in /var/log/auth.log:

Feb  6 11:03:38 tjener su: pam_krb5(su:auth): (user roman) credential 
verification failed: Cannot find key for host/tjener.intern@INTERN kvno 16 in 
keytab

I also had a closer look at the following script:
/usr/share/debian-edu-config/tools/copy-host-keytab

This then lead me to the solution of my authentication problem.

My file /etc/krb5.keytab was missing many entries preventing successful user 
logins. Executing the script fixed this finally.

Kind regards,
Roman

> On 01/07/2024 11:07 AM GMT roman.me...@gismap.ch wrote:
> 
>  
> Hi folks,
> 
> Maybe the following is helping to narrow things down?
> 
> I checked on /var/log/auth.log today and I'm getting the following upon 
> trying to login as user mm in the console:
> 
> Jan  7 11:04:34 tjener krb5kdc[2232]: AS_REQ (8 etypes {18 17 20 19 16 23 25 
> 26}) 10.0.2.2: NEEDED_PREAUTH: mm@INTERN for krbtgt/INTERN@INTERN, Additional 
> pre-authentication required
> Jan  7 11:04:34 tjener krb5kdc[2232]: preauth (encrypted_timestamp) verify 
> failure: Preauthentication failed
> Jan  7 11:04:34 tjener krb5kdc[2232]: AS_REQ (8 etypes {18 17 20 19 16 23 25 
> 26}) 10.0.2.2: PREAUTH_FAILED: mm@INTERN for krbtgt/INTERN@INTERN, 
> Preauthentication failed
> Jan  7 11:04:34 tjener krb5kdc[2232]: AS_REQ (8 etypes {18 17 20 19 16 23 25 
> 26}) 10.0.2.2: NEEDED_PREAUTH: mm@INTERN for krbtgt/INTERN@INTERN, Additional 
> pre-authentication required
> Jan  7 11:04:34 tjener krb5kdc[2232]: preauth (encrypted_timestamp) verify 
> failure: Preauthentication failed
> Jan  7 11:04:34 tjener krb5kdc[2232]: AS_REQ (8 etypes {18 17 20 19 16 23 25 
> 26}) 10.0.2.2: PREAUTH_FAILED: mm@INTERN for krbtgt/INTERN@INTERN, 
> Preauthentication failed
> Jan  7 11:04:34 tjener login[17928]: pam_krb5(login:auth): authentication 
> failure; logname=mm uid=0 euid=0 tty=/dev/tty1 ruser= rhost=
> Jan  7 11:04:34 tjener login[17928]: pam_unix(login:auth): authentication 
> failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost=  user=mm
> Jan  7 11:04:38 tjener login[17928]: FAILED LOGIN (1) on '/dev/tty1' FOR 
> 'mm', Authentication failure
> 
> Kind regards,
> Roman

Reply via email to