Kerberos credential cache file generation issue.

Reddy Reddy

Oct 22, 2010, 10:39:04 AM
to kerb...@mit.edu
Hi Experts,

Kindly help me with the Kerberos SSO configuration activity, in which I'm
facing an issue with the Kerberos Ticket-Granting-Ticket on the AIX
systems.

Actually, I logged in as the user ID SIDADM and executed the command
kinit -k -t SAPService<SID>.keytab SAPService<SID>/<my.org>@<MY.ORG> on
the AIX system, and the credential cache file was generated in the /homesid/sidadm
directory. But as per the Kerberos guide the cache file has to be saved in the
/var/krb5/security/creds/krb5cc_<userid> directory. Kindly suggest how to
change the directory path to /var/krb5/security/creds/krb5cc_<userid>.

Kindly suggest and provide a solution to the above issue.

Thanks & Regards,
Reddy.

Vipin Rathor

Oct 22, 2010, 11:11:05 AM
to Reddy Reddy, kerb...@mit.edu
Try doing kinit with the full path, i.e. /usr/krb5/bin/kinit <args>. This
way you should get the CC file in the desired path.

If that doesn't work, try exporting the KRB5CCNAME environment variable like this:
export KRB5CCNAME=FILE:/var/krb5/security/creds/krb5cc_[UID]

btw, which Kerberos distro are you using on AIX? (MIT or IBM)

--
-Rathor

> ________________________________________________
> Kerberos mailing list           Kerb...@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

Reddy Reddy

Oct 25, 2010, 5:15:25 PM
to Vipin Rathor, kerb...@mit.edu
Hi Vipin,

The issue is resolved by using the command: kinit -k <SPN> -c
FILE:/var/krb5/security/creds/krb5cc_<user_id>. The ticket will then be
routed to the file specified for the -c parameter. By using the above
command I'm able to generate the Ticket-Granting-Ticket in the respective
location, i.e. /var/krb5/security/creds/krb5cc_[UID]. But when I execute the
command klist, it shows an error message like Credential cache file :
homesid/sidadm is not available. Can you please let me know what is
creating the problem here? Actually, I have given the sidadm group & 755
permission to the keytab file & krb5.conf file so that the sidadm user ID is
able to access the Kerberos files.

Kindly look into the issue and suggest a solution...

OS : AIX 6.1
MIT Kerberos 5 version

Thanks & Regards,
Reddy.

Vipin Rathor

Oct 26, 2010, 1:49:23 AM
to Reddy Reddy, kerb...@mit.edu
> But when I execute the
> command klist, it shows an error message like Credential cache file :
> homesid/sidadm is not available. Can you please let me know what is
> creating the problem here?

To successfully run klist, you again need to pass the cred cache file
name like this:
klist FILE:/var/krb5/security/creds/krb5cc_[UID]


--
-Rathor
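
The thread's two fixes combined, as an added example that is not part of any post above: export KRB5CCNAME once so that kinit and klist resolve the same cache, and refuse a keytab that other users can access (the keytab holds the service's long-term key). The function names are hypothetical; the kinit options are the ones used in the thread, and a bare path is assumed to default to the FILE cache type as in MIT Kerberos.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the file path behind a FILE: cache name ($1, default $KRB5CCNAME).
# Returns 1 for an empty name or a non-file cache type such as MEMORY:.
ccache_file_path() {
    name=${1:-${KRB5CCNAME:-}}
    case $name in
        FILE:/*) printf '%s\n' "${name#FILE:}" ;;
        /*)      printf '%s\n' "$name" ;;  # assumption: bare path means FILE:
        *)       return 1 ;;
    esac
}

# Succeed only if $1 is a regular file with no permission bits for "other".
# Parses ls output so it also works where GNU stat is not installed.
no_world_access() {
    [ -f "$1" ] || return 2
    case $(ls -ld "$1" | cut -c1-10) in
        -??????---) return 0 ;;
        *)          return 1 ;;
    esac
}

# Get a TGT from a keytab into an explicit cache, then list it.
# $1 keytab, $2 principal, $3 cache name (FILE:/path)
get_tgt() {
    keytab=$1 principal=$2 ccname=$3
    if ! no_world_access "$keytab"; then
        echo "refusing: $keytab is missing or accessible to other users" >&2
        return 1
    fi
    # Exported once, so kinit and klist both resolve the same cache.
    KRB5CCNAME=$ccname
    export KRB5CCNAME
    kinit -k -t "$keytab" "$principal" || return 1
    klist || return 1
    if cc=$(ccache_file_path); then
        no_world_access "$cc" || echo "warning: $cc is accessible to other users" >&2
    fi
}
```

With mode 755 on the keytab, as described in the thread, get_tgt stops before calling kinit; mode 640 with the sidadm group passes the check.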
