5 Replies Latest reply: Nov 5, 2011 1:22 PM by Redarm
Redarm Level 4 Level 4 (2,580 points)

The case:

Put in the password, hit enter, the screen goes blue for half a second, then goes back to login screen and carries on logging in as usual.  Drives me mad.

 

Troubleshooting steps done already:

It doesn't happen with a fresh Lion installation, nor if booted into safe mode.  On the machine in question it also happens to new user accounts.

I've removed all login items, including Startup Items, Launch Daemons and Agents, I've compared system login plists with a fresh Lion installation - can't see differences.  I've removed Little Snitch and PeerGuardian (no more third party kexts).

I've done disk maintenance with DiskUtility and even tried DiskWarrior, cleaned caches, etc.

 

Smc and Pram have been reset several time (for another issue), not that I would have expected them to work, but you never know.

 

Any ideas would be gratefully received.


MacBook Pro, Mac OS X (10.7.2), 8,2 - Early 2011
  • Redarm Level 4 Level 4 (2,580 points)

    By the way, I'm not necessarily looking for a solution.  Just some input on where to go from here, somebody with the same experience, or just to bounce ideas would help.

    Is there really nobody in this forum that knows which files are in use after the password has been sent?  Security/Certificates maybe?  Are certificates blocked when starting up in safe mode? (I've also tried to exchange the login keychain, but as it's for every user it's more likely to reside in the system keychain, or am I totally in the wrong direction here?  Compared the system keychain to "good" Lion installation, but with iCloud and all these new certs I don't know)

  • Redarm Level 4 Level 4 (2,580 points)

    That's what's going on at the LoginWindow (secure.log):

    Nov  2 13:48:56 Users-MacBookPro loginwindow[81]: Login Window Started Security Agent

    Nov  2 13:48:56 Users-MacBookPro SecurityAgent[164]: Echo enabled

    Nov  2 13:49:02 Users-MacBookPro SecurityAgent[164]: User info context values set for user

    Nov  2 13:49:02 Users-MacBookPro authorizationhost[192]: in pam_sm_authenticate(): Got user: user

    Nov  2 13:49:02 Users-MacBookPro authorizationhost[192]: in pam_sm_authenticate(): Got ruser: (null)

    Nov  2 13:49:02 Users-MacBookPro authorizationhost[192]: in pam_sm_authenticate(): Got service: authorization

    Nov  2 13:49:02 Users-MacBookPro authorizationhost[192]: in od_principal_for_user(): No authentication authority returned

    Nov  2 13:49:02 Users-MacBookPro authorizationhost[192]: in od_principal_for_user(): failed: 7

    Nov  2 13:49:02 Users-MacBookPro authorizationhost[192]: in pam_sm_authenticate(): Failed to determine Kerberos principal name.

    Nov  2 13:49:02 Users-MacBookPro authorizationhost[192]: in pam_sm_authenticate(): Done cleanup3

    Nov  2 13:49:02 Users-MacBookPro authorizationhost[192]: in pam_sm_authenticate(): Kerberos 5 refuses you

    Nov  2 13:49:02 Users-MacBookPro authorizationhost[192]: in pam_sm_authenticate(): pam_sm_authenticate: ntlm

    Nov  2 13:49:02 Users-MacBookPro authorizationhost[192]: in pam_sm_authenticate(): OpenDirectory - The authtok is incorrect.

    Nov  2 13:49:02 Users-MacBookPro authorizationhost[192]: Failed to authenticate user <user> (error: 9).

    Nov  2 13:49:06 Users-MacBookPro SecurityAgent[164]: User info context values set for user

    Nov  2 13:49:06 Users-MacBookPro authorizationhost[192]: in pam_sm_authenticate(): Got user: user

    Nov  2 13:49:06 Users-MacBookPro authorizationhost[192]: in pam_sm_authenticate(): Got ruser: (null)

    Nov  2 13:49:06 Users-MacBookPro authorizationhost[192]: in pam_sm_authenticate(): Got service: authorization

    Nov  2 13:49:06 Users-MacBookPro authorizationhost[192]: in od_principal_for_user(): No authentication authority returned

    Nov  2 13:49:06 Users-MacBookPro authorizationhost[192]: in od_principal_for_user(): failed: 7

    Nov  2 13:49:06 Users-MacBookPro authorizationhost[192]: in pam_sm_authenticate(): Failed to determine Kerberos principal name.

    Nov  2 13:49:06 Users-MacBookPro authorizationhost[192]: in pam_sm_authenticate(): Done cleanup3

    Nov  2 13:49:06 Users-MacBookPro authorizationhost[192]: in pam_sm_authenticate(): Kerberos 5 refuses you

    Nov  2 13:49:06 Users-MacBookPro authorizationhost[192]: in pam_sm_authenticate(): pam_sm_authenticate: ntlm

    Nov  2 13:49:06 Users-MacBookPro authorizationhost[192]: in pam_sm_acct_mgmt(): OpenDirectory - Membership cache TTL set to 1800.

    Nov  2 13:49:07 Users-MacBookPro authorizationhost[192]: in od_record_check_pwpolicy(): retval: 0

    Nov  2 13:49:07 Users-MacBookPro authorizationhost[192]: in od_record_attribute_create_cfstring(): returned 2 attributes for dsAttrTypeStandard:AuthenticationAuthority

    Nov  2 13:49:07 Users-MacBookPro authorizationhost[192]: in pam_sm_setcred(): Establishing credentials

    Nov  2 13:49:07 Users-MacBookPro authorizationhost[192]: in pam_sm_setcred(): Got user: user

    Nov  2 13:49:07 Users-MacBookPro authorizationhost[192]: in pam_sm_setcred(): Context initialised

    Nov  2 13:49:07 Users-MacBookPro authorizationhost[192]: in pam_sm_setcred(): Got euid, egid: 0 0

    Nov  2 13:49:07 Users-MacBookPro authorizationhost[192]: in pam_sm_setcred(): Done getpwnam()

    Nov  2 13:49:07 Users-MacBookPro authorizationhost[192]: in pam_sm_setcred(): Done setegid() & seteuid()

    Nov  2 13:49:07 Users-MacBookPro authorizationhost[192]: in pam_sm_setcred(): pam_sm_setcred: krb5 user user doesn't have a principal

    Nov  2 13:49:07 Users-MacBookPro authorizationhost[192]: in pam_sm_setcred(): Done cleanup3

    Nov  2 13:49:07 Users-MacBookPro authorizationhost[192]: in pam_sm_setcred(): Done seteuid() & setegid()

    Nov  2 13:49:07 Users-MacBookPro authorizationhost[192]: in pam_sm_setcred(): Done cleanup4

    Nov  2 13:49:07 Users-MacBookPro authorizationhost[192]: in pam_sm_setcred(): pam_sm_setcred: ntlm

    Nov  2 13:49:07 Users-MacBookPro authorizationhost[192]: in ac_complete(): ac_complete returned: 0 for 501

    Nov  2 13:49:07 Users-MacBookPro authorizationhost[192]: in pam_sm_setcred(): pam_sm_setcred: ntlm done

    Nov  2 13:49:08 Users-MacBookPro SecurityAgent[164]: Login Window login proceeding

    Nov  2 13:49:09 Users-MacBookPro com.apple.SecurityServer[33]: Succeeded authorizing right 'system.login.console' by client '/System/Library/CoreServices/loginwindow.app' [81] for authorization created by '/System/Library/CoreServices/loginwindow.app' [81]

    Nov  2 13:49:09 Users-MacBookPro loginwindow[81]: Login Window - Returned from Security Agent

    Nov  2 13:49:09 Users-MacBookPro com.apple.SecurityServer[33]: Succeeded authorizing right 'system.login.done' by client '/System/Library/CoreServices/loginwindow.app' [81] for authorization created by '/System/Library/CoreServices/loginwindow.app' [81]

     

    "Kerberos refusing me". Can that be the problem, or is it a common error?

  • Redarm Level 4 Level 4 (2,580 points)

    Doesn't look like it's "Kerberos refusing you".  I think I've narrowed it down to the only error:

     

    Nov  2 13:49:02 Users-MacBookPro authorizationhost[192]: in pam_sm_authenticate(): pam_sm_authenticate: ntlm

    Nov  2 13:49:02 Users-MacBookPro authorizationhost[192]: in pam_sm_authenticate(): OpenDirectory - The authtok is incorrect.

    Nov  2 13:49:02 Users-MacBookPro authorizationhost[192]: Failed to authenticate user <user> (error: 9).

     

    When it tries to authenticate user, does that mean for ntlm and that's where it fails?  Now I know that in the past I have installed quite a few different Unix tools and services, but memory of it has faded.

     

    Also so far it looks like I'm leading this discussion with myself.  Am I in the wrong forum?  Where's the Unix forum gone?  Edit: ok, I found it.

  • Redarm Level 4 Level 4 (2,580 points)

    Ok, wrong path again.  After activating all things iCloud on the clean Lion installation I get the same error 9 - obviously a server error after all, but still don't get the blue screen at login.  Back to square 1.

  • Redarm Level 4 Level 4 (2,580 points)

    As I was double posting I mention it here too:

     

    Too boring to go on by myself.  Nobody seems to know anything anyway (like which files are used at login, etc.) or even have a clue that could put me on the right track, or the problem is not important enough.  In any case I'll stop posting until I find a fix.