Description of problem: Since vixie-cron 4.1-40.FC4 was installed, I'm seeing lots of the following messages: Jan 24 06:40:01 wind crond[26807]: pam_krb5[26807]: no v5 creds for user 'root', skipping session setup Jan 24 06:40:02 wind crond[26807]: pam_krb5[26807]: no v5 creds for user 'root', skipping session cleanup Jan 24 06:40:06 wind crond[26808]: pam_krb5[26808]: no v5 creds for user 'root', skipping session cleanup Jan 24 06:40:08 wind crond[26809]: pam_krb5[26809]: no v5 creds for user 'cactiuser', skipping session cleanup Not sure if this is really a cron or pam issue, but it is annowying to get this many messages.
*** Bug 178939 has been marked as a duplicate of this bug. ***
This bug is now fixed with vixie-cron-4.1-41.FC4, released to updates/testing today. With vixie-cron-4.1-40.FC4, after it came to my attention that the pam_unix module did nothing for the session phase except log unwanted messages, I changed the /etc/pam.d/crond file from: --- auth sufficient pam_rootok.so auth required pam_stack.so service=system-auth auth required pam_env.so account required pam_stack.so service=system-auth account required pam_access.so session required pam_stack.so service=system-auth session required pam_loginuid.so --- To: --- auth sufficient pam_rootok.so auth required pam_stack.so service=system-auth auth required pam_env.so account required pam_stack.so service=system-auth account required pam_access.so session required pam_loginuid.so session required pam_limits.so session optional pam_krb5.so --- since system-auth contained: --- session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session optional /lib/security/$ISA/pam_krb5.so --- I wanted to keep the crond session stack the same except for the removal of the pam_unix module. This had the unwanted effect of causing the new pam_krb5 debugging log messages to be logged to /var/log/cron: crond[3599]: pam_krb5[3599]: no v5 creds for user 'root', skipping session setup crond[3600]: (root) CMD (logger job $$) crond[3599]: pam_krb5[3599]: no v5 creds for user 'root', skipping session cleanup Having checked with the pam_krb5 maintainer, it now appears that pam_krb5 does nothing for the crond pam session, since it is not a login session - so we can remove pam_krb5 from crond's pam config file also - it is so removed from vixie-cron-4.1-41.FC4's /etc/pam.d/crond . But the weird thing is for pam / pam_krb5 - why did just moving the pam_krb5 session requirement from the system-auth file to the crond file cause the extra debug log messages to be generated ?
There's probably some "confusion" between pam_krb5's internal debug() function and the one used by crond. Most of the debugging messages in pam_krb5 are wrapped inside of checks for pam_krb5's debug flag, but these two aren't, so they expose that confusion.
From User-Agent: XML-RPC vixie-cron-4.1-41.FC4 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.