Hi folks, Yesterday, I came across the following entry in /var/log/auth.log:
Feb 6 11:03:38 tjener su: pam_krb5(su:auth): (user roman) credential verification failed: Cannot find key for host/tjener.intern@INTERN kvno 16 in keytab I also had a closer look at the following script: /usr/share/debian-edu-config/tools/copy-host-keytab This then lead me to the solution of my authentication problem. My file /etc/krb5.keytab was missing many entries preventing successful user logins. Executing the script fixed this finally. Kind regards, Roman > On 01/07/2024 11:07 AM GMT roman.me...@gismap.ch wrote: > > > Hi folks, > > Maybe the following is helping to narrow things down? > > I checked on /var/log/auth.log today and I'm getting the following upon > trying to login as user mm in the console: > > Jan 7 11:04:34 tjener krb5kdc[2232]: AS_REQ (8 etypes {18 17 20 19 16 23 25 > 26}) 10.0.2.2: NEEDED_PREAUTH: mm@INTERN for krbtgt/INTERN@INTERN, Additional > pre-authentication required > Jan 7 11:04:34 tjener krb5kdc[2232]: preauth (encrypted_timestamp) verify > failure: Preauthentication failed > Jan 7 11:04:34 tjener krb5kdc[2232]: AS_REQ (8 etypes {18 17 20 19 16 23 25 > 26}) 10.0.2.2: PREAUTH_FAILED: mm@INTERN for krbtgt/INTERN@INTERN, > Preauthentication failed > Jan 7 11:04:34 tjener krb5kdc[2232]: AS_REQ (8 etypes {18 17 20 19 16 23 25 > 26}) 10.0.2.2: NEEDED_PREAUTH: mm@INTERN for krbtgt/INTERN@INTERN, Additional > pre-authentication required > Jan 7 11:04:34 tjener krb5kdc[2232]: preauth (encrypted_timestamp) verify > failure: Preauthentication failed > Jan 7 11:04:34 tjener krb5kdc[2232]: AS_REQ (8 etypes {18 17 20 19 16 23 25 > 26}) 10.0.2.2: PREAUTH_FAILED: mm@INTERN for krbtgt/INTERN@INTERN, > Preauthentication failed > Jan 7 11:04:34 tjener login[17928]: pam_krb5(login:auth): authentication > failure; logname=mm uid=0 euid=0 tty=/dev/tty1 ruser= rhost= > Jan 7 11:04:34 tjener login[17928]: pam_unix(login:auth): authentication > failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=mm > Jan 7 11:04:38 tjener login[17928]: FAILED LOGIN (1) on '/dev/tty1' FOR > 'mm', Authentication failure > > Kind regards, > Roman