We upgrade from 5.0 to 5.2 recently and ever since then we get repeatedly this error message from syslog:
Jun 10 11:49:23 backup-node unix_chkpwd[10088]: check pass; user unknown
Jun 10 11:49:23 backup-node unix_chkpwd[10088]: password check failed for user (primary-node$)
Jun 10 11:49:23 backup-node sshd[10087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.9 user=primary-node$
Jun 10 11:49:23 backup-node sshd[10087]: pam_krb5(sshd:auth): user primary-node$ authenticated as primary-node$@EXAMPLE.ORG
Jun 10 11:49:23 backup-node unix_chkpwd[10089]: could not obtain user info (primary-node$)
Jun 10 11:49:23 backup-node sshd[10085]: Accepted keyboard-interactive/pam for primary-node$ from 192.168.0.9 port 34074 ssh2
Jun 10 11:49:23 backup-node sshd[10085]: pam_unix(sshd:session): session opened for user primary-node$(uid=2001) by (uid=0)
Jun 10 11:49:23 backup-node sshd[10085]: pam_unix(sshd:session): session closed for user primary-node$
At first glance, it doesn’t look like anything critical, PAM just tries to auth with local user, which doesn’t exist, and then uses kerberos?
We can just ignore this, right?