Hi,

I recently brought up a test box running Redhat 9 that authenticates against our Windows 2000 Active Directory controllers using kerberos. The authentication works perfectly, but I keep recieving annoying messages in my logs:

Sep 22 19:40:40 skynet sshd(pam_unix)[19627]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=box1.network.net user=macdude
Sep 22 19:40:40 skynet sshd[19627]: pam_krb5: authentication succeeds for `macdude'
Sep 22 19:40:40 skynet sshd(pam_unix)[19628]: session opened for user macdude by (uid=0)

As you can see the login succeeds, but a failure is recorded. I recieve an almost identical error message when logging in via the console. Not a big deal, but it clutters up my logs. Any help would be appreciated.

P.S. Does anyone know if openSSH 3.7.x supports kerberos authentication with the SSH 2 protocol? If so, do you know of any FREE SSH Clients for Windows that support kerberos authentication. I'm attempting to implement single sign on.......

"debug" settings in pam config?

I figured it out. In the auth section of /etc/pam.d/system-auth I placed the kerberos line ABOVE pam_unix - and the errors went away.