Tollef Fog Heen <[EMAIL PROTECTED]> writes:

> I'm unable to get libpam-krb5 to give me kerberos tickets when unlocking
> the screen.
>
> syslog contains:
>
> Aug 31 21:16:45 xoog gnome-screensaver-dialog: (pam_krb5): tfheen: credential
> verification failed: Decrypt integrity check failed

That error message means that when pam_krb5 attempted to verify the Kerberos authentication by checking a service ticket obtained with the TGT against your local keytab file, it was able to read the keytab file but checking the service ticket failed.

Things to check:

* Does /etc/krb5.keytab (or whatever KRB5_KTNAME is set to in the environment) have a reasonable principal and key in it? Generally, it should be host/<system>.

* Is that the current key? The most common cause of this problem is an outdated keytab for a principal whose key has since changed.

* Can you obtain tickets using that keytab file with:

      kinit -k -t /etc/krb5.keytab <principal>

  where <principal> is whatever you have keys for there (klist -k will show you)? If so, that should verify that the keytab isn't out of date.

-- 
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
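
The first two checks in the reply above can also be made offline against a copy of the keytab. The following is an added example, not part of the original message or of pam_krb5: a parser for the MIT keytab file format (version 0x0502) that lists each principal with its key version number. The function names, the sample principal and realm, and `kdc_kvno` (the key version the KDC currently holds, supplied by the caller) are assumptions made for illustration.

```python
import struct

def _counted(data, p):
    # counted_octet_string: 16-bit big-endian length, then that many bytes
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype, timestamp)] from format-0x0502 keytab bytes."""
    if data[:2] != b"\x05\x02":
        raise ValueError("only keytab format 0x0502 is handled")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # negative size marks a deleted slot
            pos += -size
            continue
        end = pos + size
        if end > len(data):
            raise ValueError("truncated keytab entry")
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp.decode())
        _ntype, ts, kvno, enctype = struct.unpack_from(">IIBH", data, p)
        _key, p = _counted(data, p + 11)   # key bytes are read but never returned
        if end - p >= 4:                   # optional 32-bit kvno; zero is padding
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, enctype, ts))
        pos = end
    return entries

def key_status(entries, principal, kdc_kvno):
    """'missing', 'stale' or 'current' for principal, given the KDC's kvno."""
    held = [kvno for name, kvno, _e, _t in entries if name == principal]
    if not held:
        return "missing"
    return "current" if kdc_kvno in held else "stale"

def _entry(comps, realm, kvno, enctype, key):
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + cs(realm) + b"".join(map(cs, comps))
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, enctype) + cs(key) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

# Constructed sample: one deleted slot, then one host key at kvno 2 (dummy key bytes)
SAMPLE = (b"\x05\x02" + struct.pack(">i", -6) + bytes(6)
          + _entry([b"host", b"host.example.org"], b"EXAMPLE.ORG", 2, 18, bytes(32)))
```

A matching key version number only shows that the keytab is not obviously out of date; the `kinit -k -t` test from the message is what confirms that the key itself is accepted.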