Common SEAM Error Messages (A-M)

This section provides an alphabetical list (A-M) of common error messages for the SEAM commands, SEAM daemons, PAM framework, GSS interface, the NFS service, and the Kerberos library.

major_error minor_error gssapi error importing name

Cause:

An error occurred while a service name was being imported.

Solution:

Make sure that thehost or ftp service principal is in the host's keytab file.

All authentication systems disabled; connection refused

Cause:

This version of rlogind does not support any authentication mechanism.

Solution:

Make sure that rlogind is invoked with the -k option. In fact, this should be the default specified in the inetd.conf file.

Another authentication mechanism must be used to access this host

Cause:

Authentication could not be done.

Solution:

Make sure the client is using Kerberos V5 for authentication.

Authentication negotiation has failed, which is required for encryption. Good bye.

Cause:

Authentication could not be negotiated with the server.

Solution:

Start authentication debugging by invoking the telnet command toggle authdebug and look at the debug messages for further clues. Also, make sure you have valid credentials.

Cannot encrypt-write network

Cause:

Problem occurred in encrypting data.

Solution:

Check for other possible problems in the system. Examine other syslog messages for further clues.

Client did not supply required checksum--connection rejected

Cause:

Authentication with checksum was not negotiated with the client. The client may be using an old Kerberos V5 protocol that does not support initial connection support.

Solution:

Make sure that the client is using a Kerberos V5 protocol that supports initial connection support.

Configuration error: Requiring checksums with -c is inconsistent with allowing Kerberos V4 connections

Cause:

Authentication with checksum was not negotiated with the client. The client might be using an old Kerberos V5 protocol that does not support initial connection support.

Solution:

Make sure the client is using a Kerberos V5 protocol that supports initial connection support.

des_read retry count exceeded

Cause:

An error repeatedly occurred while reading data.

Solution:

Check for other possible problems in the system. Examine other syslog messages for further clues.

Encryption could not be enabled. Goodbye.

Cause:

Encryption could not be negotiated with the server.

Solution:

Start authentication debugging by invoking the telnet command toggle encdebug and look at the debug messages for further clues.

Kerberos V5 refuses authentication

Cause:

Authentication could not be negotiated with the server.

Solution:

Start authentication debugging by invoking the telnet command toggle authdebug and look at the debug messages for further clues. Also, make sure you have valid credentials.

login: load_modules: can not open module /usr/lib/security/pam_krb5.so.1

Cause:

Either the Kerberos PAM module is missing or it is not a valid executable binary.

Solution:

Make sure that the Kerberos PAM module is in the /usr/lib/security directory and that it is a valid executable binary. Also, make sure that the /etc/pam.conf file contains the correct path to pam_krb5.so.1.