No credentials cache found while validating credentials
If the module did participate in authenticating the user, it will check for an expired user password and verify the user's authorization using the .k5login file of the user being authenticated, which is expected to be accessible to the module.
tells pam_krb5to obtain credentials without address lists.
tells pam_krb5to obtain tokens for the named cells, in addition to the local cell, for the user.
tells pam_krb5to obtain credentials using the addresses of the given hosts in addition to the addresses of interfaces on the local workstation.For example, if your workstation is behind a masquerading firewall, specifying the firewall's outward-facing address here should allow Kerberos authentication to succeed.This option is deprecated in favor of the extra_addresses flag in the libdefaults section of krb5.conf(5).The list is treated as a template, and these sequences are substituted: %u login name %U login UID %p principal name %r realm name %h home directory %d the default ccache directory %P the current process ID %% literal '%' signals that pam_krb5should create a new AFS PAG and obtain AFS tokens during authentication in addition to session setup.This is primarily useful in server applications which need to access a user's files but which do not open PAM sessions before doing so.
Search for no credentials cache found while validating credentials:
The libdefaults verify_ap_req_nofail setting can affect whether or not errors reading the keytab which are encountered during validation will be suppressed.