LW_ERROR_KRB5_CC_NOMEM

Error

The following error is returned during a login attempt. The user cannot authenticate.

LW_ERROR_KRB5_CC_NOMEM

Cause

This issue typically occurs because there is an issue with the user's Kerberos cache file. There will be events like the following in the lsass debug log file.

6.1/src/linux/lsass/server/api/auth.c:174] Failed to authenticate user (name = 'username') -> error = 41931, symbol = LW_ERROR_KRB5_CC_NOMEM, client pid = -1
6.1/src/linux/lwadvapi/threaded/lwkrb5.c:613] KRB5 Error code: -1765328186 (Message: No more memory to allocate (in credentials cache code))

In this particular case, there was an old /tmp/krb5cc_<uid> Kerberos cache file for the user. Once the file was deleted, the user could authenticate and a new Kerberos cache file was created with the new UID.

Resolution

Delete the /tmp/krb5cc_<uid> file. Attempt to authenticate and the user should be allowed in.