I just updated yesterday (tue oct 28) to latest rawhide, and now only local users can log in; users authenticated by kerberos cannot log in. The login attempt looks like this: $ ssh donal johnsonm@[censored]'s password: Connection to [censored] closed by remote host. Connection to [censored] closed. $ /var/log/secure says: sshd[10614]: Accepted password for [censored] from [censored] port [censored] ssh2 sshd[10616]: pam_krb5[10616]: default/local realm 'REDHAT.COM' sshd[10616]: pam_krb5[10616]: configured realm 'REDHAT.COM' sshd[10616]: pam_krb5[10616]: flags: sshd[10616]: pam_krb5[10616]: flag: user_check sshd[10616]: pam_krb5[10616]: flag: no krb4_convert sshd[10616]: pam_krb5[10616]: flag: warn sshd[10616]: pam_krb5[10616]: renewable lifetime: 0 sshd[10616]: pam_krb5[10616]: banner: Kerberos 5 sshd[10616]: pam_krb5[10616]: ccache dir: /tmp sshd[10616]: pam_krb5[10616]: keytab: /etc/krb5.keytab sshd[10616]: pam_krb5[10616]: called to update credentials for '[censored]' sshd[10616]: pam_krb5[10616]: _pam_krb5_sly_refresh returning 0 (Success) sshd[10616]: fatal: PAM setcred failed[3]: Error in service module /etc/pam.d/system-auth says: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_krb5.so password required /lib/security/$ISA/pam_cracklib.so retry=3 type= password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nis password sufficient /lib/security/$ISA/pam_krb5.so use_authtok password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session optional /lib/security/$ISA/pam_krb5.so # rpm -qa | grep krb5 krb5-devel-1.3.1-6 krb5-workstation-1.3.1-6 pam_krb5-2.0.4-1 krb5-libs-1.3.1-6
/dev/md1 4134832 4133572 0 100% / Oops.