Issue with Kerberos

Alan DeKok aland at
Fri Dec 21 16:21:19 CET 2012

Khapare Joshi wrote:
> I am testing Freeradius with kerberos. seems it is returning accept accept
> Fri Dec 21 15:05:46 2012 : Info: [pap] WARNING! No "known good" password
> found for the user.  Authentication may fail because of this.

  That is a warning message, and can be ignored.

> Fri Dec 21 15:05:46 2012 : Debug: rlm_krb5: verify_krb_v5_tgt: host key
> not found : Permission denied

  That can be ignored, too.  The code worked, but was too complicated.
This is already fixed in git.  The fix will be in 2.2.1.

> It always says permission denied then returns krb5 ok, What permission
> denied it is saying ?

  It's a bug.  Ignore it.  There's no issue other than the error message
is wrong.

> I generated service and host principal and
> exported keytab file in my radius server then added
> /etc/raddb/modules/krb5 file. But I always get permission denied debug
> output. 
> another this is why PAP saying authentication may fail and then process
> the kerberos part - is this normal ? 


  Alan DeKok.

More information about the Freeradius-Users mailing list