Subject: | |
From: | |
Reply To: | |
Date: | Tue, 8 Jun 2010 15:26:26 -0700 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
> Jun 8 18:07:56 eib199dhcp180 sshd[5789]: pam_krb5[5789]: authentication
> fails for 'lfq' ([log in to unmask] <mailto:[log in to unmask]>): Authentication
> service cannot retrieve authentication info (Cannot contact any KDC for
> requested realm)
This means that your computer can't get any sort of credentials from
your kerberos server. Can you log into this computer from a physical
terminal at the machine with the same username and password?
If you can, make sure that SSH is using PAM (looks like it already is
but check just in case) you can do this by having the following line in
your /etc/ssh/sshd_config
--------------------
UsePAM yes
--------------------
If you can't log into your machine at a physical terminal, then there
are a couple of things you need to make sure of:
1) Is your time different on the kerberos server than on your computer?
2) Is your username and password correct and does kerberos know that?
3) Is your computer actually connecting to the kerberos server properly?
(Check your client settings in /etc/krb5.conf)
Most of these questions can be answered by your systems administrator. :)
If you _are_ the systems administrator, search for "lfq" in
"/var/log/krb5kdc.log" - you may get something out of that. (although I
never seem to have much luck with that myself)
Most problems I've encountered are when the server and client time are
mismatched by about an hour.
Hope this helps!
-Chris
|
|
|