Khapare Joshi wrote:
I am testing Freeradius with kerberos. seems it is returning accept accept ... Fri Dec 21 15:05:46 2012 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
That is a warning message, and can be ignored.
Fri Dec 21 15:05:46 2012 : Debug: rlm_krb5: verify_krb_v5_tgt: host key not found : Permission denied
That can be ignored, too. The code worked, but was too complicated. This is already fixed in git. The fix will be in 2.2.1.
It always says permission denied then returns krb5 ok, What permission denied it is saying ?
It's a bug. Ignore it. There's no issue other than the error message is wrong.
I generated service and host principal and exported keytab file in my radius server then added /etc/raddb/modules/krb5 file. But I always get permission denied debug output.
another this is why PAP saying authentication may fail and then process the kerberos part - is this normal ?
Yes. Alan DeKok.