Hi folks,
Yesterday, I came across the following entry in /var/log/auth.log:
Feb 6 11:03:38 tjener su: pam_krb5(su:auth): (user roman) credential
verification failed: Cannot find key for host/tjener.intern@INTERN kvno 16 in
keytab
I also had a closer look at the following script:
/usr/share/debian-edu-config/tools/copy-host-keytab
This then lead me to the solution of my authentication problem.
My file /etc/krb5.keytab was missing many entries preventing successful user
logins. Executing the script fixed this finally.
Kind regards,
Roman
> On 01/07/2024 11:07 AM GMT roman.me...@gismap.ch wrote:
>
>
> Hi folks,
>
> Maybe the following is helping to narrow things down?
>
> I checked on /var/log/auth.log today and I'm getting the following upon
> trying to login as user mm in the console:
>
> Jan 7 11:04:34 tjener krb5kdc[2232]: AS_REQ (8 etypes {18 17 20 19 16 23 25
> 26}) 10.0.2.2: NEEDED_PREAUTH: mm@INTERN for krbtgt/INTERN@INTERN, Additional
> pre-authentication required
> Jan 7 11:04:34 tjener krb5kdc[2232]: preauth (encrypted_timestamp) verify
> failure: Preauthentication failed
> Jan 7 11:04:34 tjener krb5kdc[2232]: AS_REQ (8 etypes {18 17 20 19 16 23 25
> 26}) 10.0.2.2: PREAUTH_FAILED: mm@INTERN for krbtgt/INTERN@INTERN,
> Preauthentication failed
> Jan 7 11:04:34 tjener krb5kdc[2232]: AS_REQ (8 etypes {18 17 20 19 16 23 25
> 26}) 10.0.2.2: NEEDED_PREAUTH: mm@INTERN for krbtgt/INTERN@INTERN, Additional
> pre-authentication required
> Jan 7 11:04:34 tjener krb5kdc[2232]: preauth (encrypted_timestamp) verify
> failure: Preauthentication failed
> Jan 7 11:04:34 tjener krb5kdc[2232]: AS_REQ (8 etypes {18 17 20 19 16 23 25
> 26}) 10.0.2.2: PREAUTH_FAILED: mm@INTERN for krbtgt/INTERN@INTERN,
> Preauthentication failed
> Jan 7 11:04:34 tjener login[17928]: pam_krb5(login:auth): authentication
> failure; logname=mm uid=0 euid=0 tty=/dev/tty1 ruser= rhost=
> Jan 7 11:04:34 tjener login[17928]: pam_unix(login:auth): authentication
> failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=mm
> Jan 7 11:04:38 tjener login[17928]: FAILED LOGIN (1) on '/dev/tty1' FOR
> 'mm', Authentication failure
>
> Kind regards,
> Roman